Certificate does not works when deploy the store app package by powershell

Question

 I request a remote Odata service with a PFX certificate as authentication in windows universal app, it works well, but after I create a package by visual studio 2013, and deploy the app with Powershell, then run the app, access web service failed, seems the certificate not works.

Any help is highly appreciated.

My code below:

string certRawData = StringEncryptionHelper.Decrypt(ConfigurationLoader.ApplicationSettings.CertificateData.RawData);
string certPassword = StringEncryptionHelper.Decrypt(ConfigurationLoader.ApplicationSettings.CertificateData.Password);

await CertificateEnrollmentManager.ImportPfxDataAsync(certRawData,
    certPassword,
    ExportOption.Exportable,
    KeyProtectionLevel.NoConsent,
    InstallOptions.None,
    ConfigurationLoader.ApplicationSettings.CertificateData.FriendlyName);

CertificateQuery certQuery = new CertificateQuery { FriendlyName = ConfigurationLoader.ApplicationSettings.CertificateData.FriendlyName };
IReadOnlyList<Windows.Security.Cryptography.Certificates.Certificate> certs = await CertificateStores.FindAllAsync(certQuery);

certificate = certs.FirstOrDefault();
var protolFilter = new HttpBaseProtocolFilter { ClientCertificate = certificate };
var client = new HttpClient(protolFilter);
HttpResponseMessage result = await client.GetAsync(requestUri);

Answer 1

Can you let us know how the server responds?  What is the HTTP status code?

---

Matt Small - Microsoft Escalation Engineer - Forum Moderator
If my reply answers your question, please mark this post as answered.

NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

Answer 2

Thanks Matt's reply.

The server responses 404: resource not found. In general, if we does not specify certificate or select a wrong certificate, the server will return 404, I can validate this behavior by IE browser.

So I suppose that certificate doesn't works in our app that deployed.

Answer 3

That does not match up to what I would expect.  403 is the standard response when the certificate isn't correct for accessing a site. 404 is trying to access a resource that doesn't exist. I think you are trying to reach a website which is unreachable from the computer where you've deployed the app.

---

Matt Small - Microsoft Escalation Engineer - Forum Moderator
If my reply answers your question, please mark this post as answered.

NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

Answer 4

Thanks Matt's again.

Yes, 403 is the standard response when the certificate isn't correct. But in our service project, exists 2 kinds resource, e.g. A and B. If access A without cert, return 200, if access B without cert, return 404. it's a confused design, but they did.

So I can make sure my issue is caused by certificate.

Answer 5

I would suggest that you open a support case for this issue for best assistance.

---

Matt Small - Microsoft Escalation Engineer - Forum Moderator
If my reply answers your question, please mark this post as answered.

NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.