Solved

How to configure C# NET console app to send  a client cert to external web service

Posted on 2011-02-25
10
1,421 Views
Last Modified: 2012-08-14
I am working on a C# console application that makes a call to an external web service to retrieve data. However for identification in production , I cannot send user id and password instead I have to send the client certificate which was provided to me by the external vendor (Mutual SSL Authentication).

Right now I have the console application running with simple user id and password to TEST my business logic, now I have to replace id/password with the client certificate.This is where I am stuck, I have no clue on how to proceed from here.I am currently testing it on my laptop and will eventually deploy the application on production Windows 2008 server.

Do I embed the certificate "somehow" within the C# CONSOLE application code, I am not that good with certificates. I am sorry I need STEP BY STEP instructions(with code samples is even better). PLEASE any help is appreciated as I have a deadline to meet.
0
Comment
Question by:vemi007
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34984931
This does a good job of explaining how to do it.

http://www.codeproject.com/KB/XML/BeginnerWebService.aspx
0
 

Author Comment

by:vemi007
ID: 34985032
I already build the client to consume the web service as explained above. BUT i wrote code to consume web service using id and password. I need assistance and help with using a client certificate instead of id/password in the code. Your link does not show me anything related to using client certificate within my C# code.
0
 

Author Comment

by:vemi007
ID: 35002704
can anyone please respond to my Q above ?
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 17

Accepted Solution

by:
Jesse Houwing earned 400 total points
ID: 35006606
If you're using WCF for your webservices (you really should), then it's all configurable from the .config file. See also:

How to: Use Certificate Authentication and Transport Security in WCF Calling from Windows Forms
http://msdn.microsoft.com/en-us/library/ff650785.aspx

Alternative walkthrough:
http://blogs.ugidotnet.org/cfolini/archive/2008/01/04/90561.aspx

0
 
LVL 22

Expert Comment

by:pivar
ID: 35006627
Hi,

Attached you'll find code doing this.

The certificate is added on server with Microsoft cert tool. You can find the thumbprint (which is only one way to identify the cert) in the details dialog in the tool.

The GetCertificate method are checking the LocalMachine and CurrentUser (if needed) stores.


/peter

private X509Certificate2 GetCertificate(string thumbprint) {
		X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
		store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
		X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);
		X509Certificate2 x509 = coll.Count == 0 ? null : coll[0];

		if (x509 == null)	{
			store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
			store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
			coll = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);
			x509 = coll.Count == 0 ? null : coll[0];
		}
		return x509;
    }

    protected void CallWS() {
        WSService ws = new WS.WSWSService();
		X509Certificate2 x509 = GetCertificate(Settings.GetCertThumbMissiveWS());
		if (x509 == null) {
		// Cert not found
		  return;
		}

		ws.Credentials = CredentialCache.DefaultCredentials;
		ws.ClientCertificates.Add(x509);
		ws.Call();

Open in new window

0
 

Author Comment

by:vemi007
ID: 35010483
ToAoM: Thanks for the info .. looks like based on the info in your links , no programming is necessary to use the client certificate with the call, it just needs to be in "app.config".

pivar:
Your code is to add the certificate runtime and you have it programmed within the code. I do have a Q you said for the GetCertificate method I should pass the "thumbprint" as string, in your code below when you  make the call to the method you are passing the value from "Settings" (Settings.GetCertThumbMissiveWS()), so was wondering how you added the method (GetCertThumbMissiveWS()) to the settings in the project ?
0
 
LVL 17

Expert Comment

by:Jesse Houwing
ID: 35010599
Yes, that is correct. You should be able to configure all from the app.config if you're using a WCF service reference.

Pivars example applies to classic style webservices, but can also be applied to WCF if wanted. In my opinion configuring it all in the app.config is desirable.
0
 
LVL 22

Expert Comment

by:pivar
ID: 35010940
No Settings is my own config class. Which maps to a xml file.
Not the .net. Sorry for the confusion.
0
 

Author Closing Comment

by:vemi007
ID: 35011921
Thanks for your assistance.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now