Ignore SSL certificate within web service client

  • Question

  • Hi all,

    I'm writing a C# web service client application to access a web service provided by a JBOSS server over HTTPS. The certificate the server uses is not from a well-known organization (self-signed) so my client seems to have issues authenticating. I get the following error:

    Error while performing the web service call : An error occurred while making the HTTP request to https://192.168.227.227:8080/axis/services/TheWebService. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

    Here is my code in the client:

    TheWebService.TheWebServicePortTypeClient client = new TheWebService.TheWebServicePortTypeClient("TheWebServiceSOAP12port_https");
    client.ClientCredentials.UserName.UserName = "TEST\\Administrator";
    client.ClientCredentials.UserName.Password = "whatever";
    client.sendMessage("", "192.168.227.236", "user1", "", 0L, 0L, "");

    And here is my application.exe.config file:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="TheWebServiceSOAP11Binding" closeTimeout="00:01:00"
              openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
              allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
              maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
              messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
              useDefaultWebProxy="true">
              <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
              <security mode="Transport">
                <transport clientCredentialType="None" proxyCredentialType="None"
                  realm="" />
                <message clientCredentialType="UserName" algorithmSuite="Default" />
              </security>
            </binding>
            <binding name="TheWebServiceSOAP11Binding1" closeTimeout="00:01:00"
              openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
              allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
              maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
              messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
              useDefaultWebProxy="true">
              <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
              <security mode="None">
                <transport clientCredentialType="None" proxyCredentialType="None"
                  realm="" />
                <message clientCredentialType="UserName" algorithmSuite="Default" />
              </security>
            </binding>
          </basicHttpBinding>
          <customBinding>
            <binding name="TheWebServiceSOAP12Binding">
              <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                messageVersion="Soap12" writeEncoding="utf-8">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                  maxBytesPerRead="4096" maxNameTableCharCount="16384" />
              </textMessageEncoding>
              <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
                maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
                bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
                keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
                realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                useDefaultWebProxy="true" requireClientCertificate="false" />
            </binding>
          </customBinding>
        </bindings>
        <client>
          <endpoint address="https://192.168.227.227:8080/axis/services/TheWebService"
            binding="basicHttpBinding" bindingConfiguration="TheWebServiceSOAP11Binding"
            contract="TheWebService.TheWebServicePortType"
            name="TheWebServiceSOAP11port_https" />
          <endpoint address="http://192.168.227.227:8080/axis/services/TheWebService"
            binding="basicHttpBinding" bindingConfiguration="TheWebServiceSOAP11Binding1"
            contract="TheWebService.TheWebServicePortType"
            name="TheWebServiceSOAP11port_http1" />
          <endpoint address="https://192.168.227.227:8080/axis/services/TheWebService"
            binding="customBinding" bindingConfiguration="TheWebServiceSOAP12Binding"
            contract="TheWebService.TheWebServicePortType"
            name="TheWebServiceSOAP12port_https" />
          <endpoint address="http://192.168.227.227:8080/axis/services/TheWebService"
            binding="customBinding" bindingConfiguration="TheWebServiceSOAP12Binding"
            contract="TheWebService.TheWebServicePortType"
            name="TheWebServiceSOAP12port_http1" />
        </client>
      </system.serviceModel>
    </configuration>

    Easiest solution would be to have the client ignore the server certificate (I don't care about that at this stage) - but I tried inserting this code into my client but it doesn't seem to be called at all and has zero effect (same error message):

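    // Register the callback (this statement sits inside a method):
    ServicePointManager.ServerCertificateValidationCallback +=
        new RemoteCertificateValidationCallback(ValidateCertificate);

    // Accepts every server certificate, whatever validation errors were found:
    public static bool ValidateCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }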

    Thanks a lot in advance!

    Kurt

     

     

    Friday, December 10, 2010 9:56 AM
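The callback in the question returns true for every certificate and, because it is registered on ServicePointManager, applies to every HTTPS connection the process makes. As an added example (not part of the original post), here is a narrower callback that accepts only the one known self-signed certificate by pinning its hash. It assumes a .NET Framework client, where the callback's sender is the HttpWebRequest; the class name and the hash placeholder are hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateValidation
{
    // Host taken from the endpoint address in the question's config.
    const string PinnedHost = "192.168.227.227";

    // Placeholder (assumption): SHA-256 of the server's DER-encoded
    // certificate as hex, obtained out of band from the server's administrator.
    const string PinnedSha256 = "REPLACE_WITH_SHA256_OF_SERVER_CERTIFICATE";

    // Call once at start-up, before the first web service call.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that passes normal validation needs no exception.
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false;

        // The callback is process-wide, so relax the check for one host only.
        // Assumption: sender is the HttpWebRequest making the call.
        var request = sender as HttpWebRequest;
        if (request == null ||
            !string.Equals(request.RequestUri.Host, PinnedHost,
                           StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept only the exact certificate whose hash was pinned.
        using (var sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(cert.GetRawCertData());
            string actual = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(actual, PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

With the placeholder left in place the callback rejects the self-signed certificate, so a forgotten pin fails closed rather than open.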

Answers

  • What's surprising is that you set the client username credentials in code but the binding configuration does not require these at all.

    Can you turn on Fiddler and WCF log on the client and see if something is actually sent?

    When you access the endpoint (and also its WSDL URL) from IE do you also get an error?

    Try to make a dummy call using WebClient and see if you get this error or another.

    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    • Marked as answer by kurttheman Friday, December 10, 2010 4:40 PM
    Friday, December 10, 2010 10:04 AM

All replies

  • Hi,

    the web service does require authentication using credentials - not sure, maybe I also need to change something in the binding configuration for that?

    I'm pretty new to web services so I need to work my way through on how to use Fiddler on HTTPS, the WCF log and the webclient tool - I will report back on that later.

    Yes, the browser also gives me

    a) a certificate warning which I need to manually ignore

    b) a request to provide user credentials

    after that, I can successfully see the wsdl code.

    I actually build my code on one machine but test it (deploy it) on another server. I just tried to run the code on my machine in debugging and it gave me a "TypeInitializationException" saying: The type initializer for 'System.Net.ServicePointManager' threw an exception. This is for the following code section:

    ServicePointManager.ServerCertificateValidationCallback += 
            new RemoteCertificateValidationCallback(ValidateCertificate);

    This could actually be the reason why the callback doesn't work? Any idea what I'm doing wrong here?

    Thanks

    Kurt

    Friday, December 10, 2010 10:43 AM
  • Using Fiddler I could see that my web service client tried to connect to the wrong port (8080 instead of 8443). After changing this in the config, I got the error message that I was using authentication scheme "Anonymous" but the server was expecting "Basic" and a realm "The Web Service".
    After adjusting these settings I got the error that the HTTP version is not supported by the server (505).
    So I changed keepAlive to "false" in the config. Now I am stuck at this point with the following error message:


    The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm="The Web Service"'.

    But as far as I understand my config, that's exactly what I configured here:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <system.serviceModel>
            <bindings>
                <basicHttpBinding>
                    <binding name="TheWebServiceSOAP11Binding" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <security mode="Transport">
                            <transport clientCredentialType="None" proxyCredentialType="None"
                                realm="" />
                            <message clientCredentialType="UserName" algorithmSuite="Default" />
                        </security>
                    </binding>
                    <binding name="TheWebServiceSOAP11Binding1" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <security mode="None">
                            <transport clientCredentialType="None" proxyCredentialType="None"
                                realm="" />
                            <message clientCredentialType="UserName" algorithmSuite="Default" />
                        </security>
                    </binding>
                </basicHttpBinding>
                <customBinding>
                    <binding name="TheWebServiceSOAP12Binding">
                        <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                            messageVersion="Soap12" writeEncoding="utf-8">
                            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        </textMessageEncoding>
                        <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
                            maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Basic"
                            bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
                            keepAliveEnabled="false" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
                            realm="The Web Service" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                            useDefaultWebProxy="true" requireClientCertificate="false" />
                    </binding>
                </customBinding>
            </bindings>
            <client>
                <endpoint address="https://192.168.227.227:8443/axis/services/TheWebService"
                    binding="basicHttpBinding" bindingConfiguration="TheWebServiceSOAP11Binding"
                    contract="TheWebService.TheWebServicePortType"
                    name="TheWebServiceSOAP11port_https" />
                <endpoint address="http://192.168.227.227:8080/axis/services/TheWebService"
                    binding="basicHttpBinding" bindingConfiguration="TheWebServiceSOAP11Binding1"
                    contract="TheWebService.TheWebServicePortType"
                    name="TheWebServiceSOAP11port_http1" />
                <endpoint address="https://192.168.227.227:8443/axis/services/TheWebService"
                    binding="customBinding" bindingConfiguration="TheWebServiceSOAP12Binding"
                    contract="TheWebService.TheWebServicePortType"
                    name="TheWebServiceSOAP12port_https" />
                <endpoint address="http://192.168.227.227:8080/axis/services/TheWebService"
                    binding="customBinding" bindingConfiguration="TheWebServiceSOAP12Binding"
                    contract="TheWebService.TheWebServicePortType"
                    name="TheWebServiceSOAP12port_http1" />
            </client>
        </system.serviceModel>
    </configuration>

    In my code I use the following client configuration:
    TheWebService.TheWebServicePortTypeClient client = new TheWebService.TheWebServicePortTypeClient("TheWebServiceSOAP12port_https");

    Any idea what might still be wrong here?

    Thanks in advance
    Kurt

    Friday, December 10, 2010 2:45 PM
  • Hi,

    I got it working - the final issue was a wrong password - I changed it before I posted my code to the forum and forgot to revert the change - stupid me ;)

    Still the error message is very confusing: it should say something like "unknown user/pass" or similar but it gives me "authentication scheme 'Basic' ...."

    I will mark Yaron's reply as answer as it helped me find the solution - Thanks!

     

    Kurt

    Friday, December 10, 2010 4:40 PM