.NET Tutorials, Forums, Interview Questions And Answers

How to sign a message using 2 client's X509 certificates?

Posted By:      Posted Date: September 17, 2010    Points: 0   Category :WCF
Hi,

We have a requirement to sign each WCF message using two X509 certificates:
- company certificate
- user certificate

I have found out that I could achieve this using Supporting Credentials, but I am not sure how to set the certificates on the client's side. All examples that I found were using different types of credentials and were using these properties:
- proxy.ClientCredentials.ClientCertificate
- proxy.ClientCredentials.UserName.UserName

Any insight would be greatly appreciated.


More Related Resource Links

Sign outgoing body from client with custom endpoint behavior defined in code

I'm trying to sign (and sign only) the body of every outgoing message that uses this custom endpoint behavior. When I first created this it was for signing a custom SOAP header. We are moving away from that and going to just sign the body. We have some applications that have 10+ web service references. We don't want to touch the reference.cs for anything. Below is the code I had before for signing the custom soap header. I'm trying to modify it to just sign the body. My modified code is below, and the error I get.

    Private Class CustomHeaderBehavior
        Implements ServiceModel.Description.IEndpointBehavior

        Public Sub New()
        End Sub

        Private Sub AddBindingParameters( _
            ByVal endpoint As ServiceModel.Description.ServiceEndpoint, _
            ByVal bindingParameters As ServiceModel.Channels.BindingParameterCollection) _
            Implements ServiceModel.Description.IEndpointBehavior.AddBindingParameters

            Dim body As New Xml.XmlQualifiedName("Body", "http://schemas.xmlsoap.org/soap/envelope/")
            Dim BodyMsgPartSpec As New ServiceModel.Security.MessagePartSpecification()
            BodyMsgPartSpec.IsBodyIncluded = True
            Dim requirements As ServiceModel.Security.ChannelProtectionRequirements = bindingParameters.Remove(Of ServiceModel.Security.ChannelProtectionRequirements)()
            requirements

WCF Message Security using Certificates

I am new to WCF programming and trying to understand security aspects ('message' using certificates). I am using Windows 7 and Visual Studio 2010. I have a few questions about how I have implemented WCF.

I have a win forms app that will talk over the web to a WCF service. I need to make sure the message is encrypted en route. This is an admin application and will be used only by me. I created certificates on my Dev machine and edited the web.config and app.config. This works. The problem is when I right click the service reference and select update service reference, the app.config is overwritten. The identity element is removed and behavior ref is removed and now the app will not connect to the service any more. I am including my web.config and app.config (before and after updating svc ref) below. Please advise me on what I am doing wrong. Also please let me know if this is the right way to do it.

While creating the certificates I wasn't prompted for any passwords, not sure why. Can I use this type of certificate eventually when I go live? What are the risks if this is not advisable? Thanks in advance for your help.

certificate creation and installation

//server
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=TradeService -sky exchange -pe
certmgr.exe -add -r CurrentUser -s My -c -n TradeService -r CurrentUser -s TrustedPeople

//client
makecert.exe -sr Cu

How can a C# client app list the authorized CA certificates sent by a web server over an SSL connect

Hello, I am currently writing a C# client application that must access a web page over SSL authentication, having the Client authentication required. I know that the SSL protocol defines that the web server sends the list of authorized Certification Authorities that the web server can trust for the SSL session to be successful. My client application has to filter a X509Certificate collection in order to pop up a Certificate Selection dialog box to the user. I would like to only display certificates that the web server would accept. I already have filtered the certificates according to the "Client Authentication" Enhanced Key Usage and other stuff. I know how to set the client certificate to be used for the SSL connection, but I just would like to access the CA cert list provided by the server.

Could someone help me? Thanks a lot!

x509 - Client Certificate infrastructure for Asp.Net question

I don't have a lot of background with SSL and X509 configuration and support with my Asp.Net application, so I was wondering if someone can explain or point me in the right direction to MSDN or any other article or posting explaining if it's possible to do what I am looking to support in my environment.

I have IIS 6.0 with SSL (Verisign cert) as well as "Require client certificates" working against a local installation of Microsoft Certificate Services, https://<domain>/certsrv, where users can request and install client certs (both XP clients for basic mode, and Vista/7 for advanced mode).

Here's what I am up against:

I have a segment of users coming from a virtualized server environment where this environment does not store personal settings for more than 48 hours. It's not an internet cafe, but rather an actual business where their IT staff uses server images to reimage each virtual server in the farm every 48 hrs, thus losing all users' data in the "Current Users" Certificate Stores.

The IT staff give users a network folder share to store any personal items (docs, spreadsheets, links, etc.). The servers consist of Windows Server 2003, and will be migrating to Windows Server 2008 in the next 6-9 months.

These users have rights in Internet Explorer to navigate to my certsrv site and use ActiveX to request and install certificates then close and

WCF and certificates : "The client certificate is not provided."

Hi,

I'm having a hard time getting certificates working with my WCF application and I keep getting the error: "The client certificate is not provided. Specify a client certificate in ClientCredentials."

I am using a free trial certificate by Verisign and I have done the following things on a local XP Pro machine:

- VeriSign Trial Secure Server CA - G2 certificate is installed in the Personal => Certificates
- VeriSign Trial Secure Server Root CA - G2 certificate is installed in the Trusted Root Certification Authorities => Certificates

I am using the following kind of binding configuration settings:

*** Client web.config ******

    <binding name="CertificateBinding" maxReceivedMessageSize="4194304">
      <security mode="Message">
        <message clientCredentialType="Certificate" />
      </security>
    </binding>
    <endpoint address="http://localhost/MyWcfApplication/Service1.svc"
              binding="wsHttpBinding" bindingConfiguration="CertificateBinding"
              contract="ServiceReference1.IService1" name="

Communicating with webservices using client certificates

We are facing an issue with our .NET (2.0) application consuming a Java web service that requires client certificates.

Context

- Java web service running on JBoss
  - requires a client certificate signed by internal CA (child of internal Root CA)
  - has a server certificate signed by the same internal CA for authenticating itself to a consumer
- .NET 2.0 Windows Application (running on an XP workstation) consuming the above Java web service
  - XP workstation has a client certificate (signed by internal CA) installed in the local machine personal store
  - XP workstation has the internal CA and internal Root CA installed in the local machine, trusted root certification authorities hive
  - Visual Studio 2005 debugger shows that the client certificate is successfully retrieved from the personal store and being attached to the web service proxy
  - however, exception is thrown at the point of invoking the web service method
  - exception is: The request was aborted: Could not create SSL/TLS secure channel.

Appears from the trace log that the initial retrieval of client certificate from the local machine personal store is successful -

----------------------------------------------------------
System.Net Information: 0 : [7480] SecureChannel#16263241 - Attempting to restart the session using th

ASP.net UPS void wsdl error message 'exception has been raised as a result of client data'


exception has been raised as a result of client data. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol

Void shipment error message; I can't determine how to resolve error.  at ***

The following is the code for ups void shipment wsdl...

protected void wsdlRate()


RateWSs.RateRequest rateReq = new RateRequest();
RateWSs.UPSSecurity rateSecurity = new RateWSs.UPSSecurity();
RateWSs.UPSSecurityServiceAccessToken rateToken = new RateWSs.UPSSecurityServiceAccessToken

Event receiver validation client message


Is there a way to display a client message if validation sets. (JavaScript or inline validation error message)

properties.Status = SPEventReceiverStatus.CancelWithError;

properties.Cancel =



properties.ErrorMessage =


Sign outgoing client request SOAP body with WSE 3.0



We currently have the code in WCF to sign the outgoing client requests' SOAP Body, however we need the same code for use with WSE 3.0.  I can't find any examples of this.  

Is it possible?  If so, does anyone have an example?

Thank you,

Client side prompting message at runtime


Hi guys,

I am working on a web form (VB.NET) in which, for certain transactions, I need the user's OK to continue or not.

All that I found is about adding an onClick event handler for buttons, but in my case there is no button to click; it's a process in which I retrieve data from the database, and if that data meets specific conditions then an OK/Cancel message should appear to the user, prompting him if he would like to continue with that transaction.

any help!

Create Email Message and Send to Client For Review before Sending


Please read this post carefully. I am not looking to actually send an email using ASP.NET. 

I am looking for a means by which ASP.NET can create an Outlook MailItem and stream it to the client machine for the user to review prior to sending. I know that it's possible to create files such as Word docs and Excel spreadsheets and then stream them, but I don't know how to do it with ASP.NET.

How to properly create SOAP Request that has x509 signed message body and unsigned usernameToken




I'm trying to create a .NET client that will consume AXIS WS.

Request should be signed (using x509 Signature) and after this usernametoken profile 1.0 should be attached.

Using SOAP-UI I can create Outgoing Security Policy with few steps described below:

1) Define keystore

2) Add WSS Signature entry and mark key identifier type as X509 Certificate or Binary Security Token

3) Add WSS Username entry

The order is important.

I cannot recreate SOAP request that would generate valid response.

I got "The signature or decryption was invalid" most of the time.

Here is valid SOAP Request from SOAP-UI:


 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:user="http://users.api.swd.zbp.pl"

using a x509 certificate to sign XML using SignedXml class


Hi All,

I am trying to sign an XML file. The code is basically exactly the same as the MSDN sample: http://msdn.microsoft.com/en-us/library/ms229745.aspx

I set the XmlResolver to null:

var settings = new XmlReaderSettings()
{
    ValidationType = ValidationType.None,
    ProhibitDtd = false,
    IgnoreWhitespace = true,
    XmlResolver = null
};

This exception is thrown when I call: signedXml.ComputeSignature();

When I do, I receive the following exception:

-  $exception {"An error has occurred while opening external DTD 'http://www.apple.com/DTDs/PropertyList-1.0.dtd': Request for the permi

WCF service with multiple client certificates




How can I specify multiple client certificates for my service? I have a service with netTcpBinding hosted in IIS, which will be consumed by multiple clients. Each client will have its own certificate. I want the service to have a list of certificates of clients which are allowed to call it; for others it should fail.


Service behavior configuration only allows one client certificate value, how can I specify multiple client certificates. My present service web.config is



wcf client authentication with certificates



For client authentication do I need to install the client certificate on the server? Or on the server can I just keep the thumbprint string, and in my custom X509CertificateValidator just check if the incoming certificate thumbprint is the same as configured on the server?



Certificates: Cannot find the certificate and private key for decryption Error when sign

Note: from stackoverflow: I think is better for system administrators.

I work in company with many servers and Pcs for developers. Servers are win2003, PC developers Windows XP.

In a server Win2003 named preiis01, in preproduction environment, other people in company install a client certificate using any other user (domainCompany\adminsystems) for logging in server preiis01.

Any admin uses the user "domainCompany\adminsystems" to log in to server preiis01 (using Terminal Server, Remote Desktop for Windows XP).

The admin user is "domainCompany\adminsystems", which installs the certificate.

Admin user install it like this:

Session login like "domainCompany\adminsystems"
Certificate is PFX file. Do Install PFX and using Wizard. The key private not check for export.
Input the password and install.

There is an application Web which AppPool Identity is: NETWORK SERVICE account.

web server is IIS 6.0.

in preiis01,

That admin user executes mmc -> Snap in -> Certificates for Local Machine. In no

Custom Message Logging Listener logKnownPii=true (Getting client IP)



I have implemented a custom trace listener for WCF message logging. This listener writes stuff to SQL and sends emails on errors. All is good so far.

Now I also wanted to log the client IP that called my service from my trace listener. I know about the logKnownPii attribute. I set it to true in both my machine.config and web.config, but it seems to have no effect at all. My relevant configuration is as follows:



