.NET Tutorials, Forums, Interview Questions And Answers

Help with ServiceLibrary x.509 Certificate

Posted Date: October 10, 2010    Category: WCF

I finally want to add some security to my WCF service, but I'm having trouble creating/installing/binding the cert... pretty much everything. Does anyone have a good tutorial to get me going?

Also, I really don't want to have all my clients install a certificate on their end, unless it's automated in code somehow, because I don't want all my clients to go into their MMC and install it.

Is certificate security the best way for me to go? If not, let me know.


More Related Resource Links

Certificate API question - Private Key.

I am trying to follow http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx but I am finding that the Private Key property of the certificate is always null. I created the certificate with makecert -pe -n "CN=BuySeasonsThirdParty" -r -b 08/26/2010 -e 08/26/2011 -sky exchange Amazon.cer. Then I installed it in the local user store using: X509Store store = new X509Store(storeName, StoreLocation.CurrentUser); and used the same API to get the certificate from the store. The certificate that I retrieve from the store is non-null; it is just that the PrivateKey is null. So I can encrypt using something like: ((RSACryptoServiceProvider)cert.PublicKey.Key).Encrypt(Encoding.Unicode.GetBytes(text), true) But since the Private Key property is NULL I cannot decrypt. Any ideas? Kevin

sslstream client certificate validation error

Hi, I have taken the server and client programs from MSDN2 for sslstream. In that code client certificate authentication is set to false. I want to enable that, and I have made some modifications to the code, but it is giving the error "RemoteCertificateNotAvailable", and I think that it is not getting the client certificate at the server side. So please, can anyone help me to do a client/server program using sslstream in which the client certificate also needs to be validated? I am attaching my modified code of MSDN2.

Server side:

    using System;
    using System.Collections;
    using System.Net;
    using System.Net.Sockets;
    using System.Net.Security;
    using System.Security.Authentication;
    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    using System.IO;

    namespace Examples.System.Net
    {
        public sealed class SslTcpServer
        {
            static X509Certificate serverCertificate = null;
            // The certificate parameter specifies the name of the file
            // containing the machine certificate.
            // The following method is invoked by the RemoteCertificateValidationDelegate.
            public static bool ValidateClientCertificate(
                  object sender,
                  X509Certificate certificate,
                  X509Chain chain,
                  SslPolicyErrors sslPolicyErrors)
            {
                SslPolicyErrors errors = sslPolicyErrors;
                if (errors != SslPolicyErrors.None)
                {

Certificate Signing Request Tool

Hi All, Currently there is a requirement in our application for creating an SSL Certificate Signing Request (CSR) message. Is it possible to develop one on .Net Framework 3.5? Some of the websites like Verisign do not mention any such procedure where they say that a custom tool is available apart from OpenSSL, but they basically have provided a list of all the web servers where their Digital Certificates are compatible and the instructions which say how the CSRs can be generated on these web servers. I understand that the CSR contains the Web Server's public key, organization information and a unique match for the server's private key. The certificate issued by the Certifying Authority is used for Client/Server authentication over TCP/IP. Looking forward to some replies. Thanks

SSL Using Server Created Certificate

We need to secure a SQL server using an SSL certificate and I understand there are a couple of ways of doing it. One of which is having SQL Server generate a self-signed certificate, which exposes the man-in-the-middle attack vulnerability. Thus we want to avoid this approach. My question is, can we just allow the Windows Server 2003 we are running to be configured to be a Certificate Authority and use it to create an SSL certificate? Is that just as secure as getting an SSL certificate from a third party company such as Verisign? If it is better to go with a third party company, how do you get a certificate from them when it is not going to be used for a website? Thanks, Nick (Nick's Programming Tips)

connect client certificate to an account in a membership database

Hello, I have created a web service that authenticates with username and password; works fine. Basically this one: http://msdn.microsoft.com/en-us/library/ff649647.aspx

Now I also want to connect to this web service using client certificates; works fine: http://msdn.microsoft.com/en-us/library/cc948997.aspx

But when authenticated via client certificates, I would like to connect that certificate to a user in the membership database, so that I can use Roles.IsUserInRole(...) and such. I thought that if I implement a custom certificate validator (http://msdn.microsoft.com/en-us/library/ms733806.aspx), then I could check, for example, the subject and map that against a created username in the membership database. But in the class X509CertificateValidator, in

    public override void Validate(X509Certificate2 certificate)

I don't have the same ability as when the user is authenticated, like

    void OnAuthenticateRequest(object source, EventArgs eventArgs)
    HttpApplication app = (HttpApplication)source;

Basically, how can I do this

    app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Membership Provider"), roles);

within

    public override void Validate(X509Certificate2 certificate)

and if that is not possible, can this be solved differently? Bottom line, how do I connect a client certificate to a user account in the membership database? Is there a MSDN article

RSACryptoServiceProvider + smart card with X509 certificate = Bad Key.

Hello! I'm trying the interop with Java. The task: create a SHA1withRSA signature of the document hash with the .NET CLR. The signer key is an X509 certificate from an external CA, and this signer certificate is on the smart card.

1. First solution: the .NET CLR SignedCms class passes the document hash to the Windows CryptoApi (and to the smart card), and the result is a PKCS#7 message with the signature. This solution works well with the smart card, but the requirement is only the "SHA1withRSA" signature of the document hash; the PKCS#7 message will be created on the Java side.
2. Second attempt, create only the "SHA1withRSA" signature:

    // choosing certificate from smart card
    X509Certificate2 card = GetCertificate();
    // this fails when certificate is on the smart card:
    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)card.PrivateKey;
    // only the signed hash needed
    byte[] signedHashValue1 = rsa.SignData(documentHash, new SHA1Managed());

The problem: the car

Getting client information from X.509 certificate in C# code

I have a WCF service which accepts X.509 certificate signed incoming messages. As per my understanding, the client will send the message with a signature encrypted using his private key, and the web service will decrypt the signature with the client's public key. This ensures that the sender of the message is the holder of the private key and that he is certified by the server's trusted CA as "He is what he claims to be". It being a highly secure application, I need to give access to only certain clients regardless of whether they are trusted or not. (This is to take care of the good-turned-bad scenario :-)) How do I achieve this? Is there any way to get the client information, such as subject name etc., from his certificate in C# code? Is there any example of this usage? Thanks in advance, Jeet.

WPF Security + Certificate HELP - xbap

Hello everyone, I have a problem with my current XBAP application. Everyone had no problem running my application until one person had the following error:

* An exception occurred while determining trust. Following failure messages were detected:
    + User has refused to grant required permissions to the application.

Then I researched and found out I needed to set up a certificate and have them put it in IE. However, now the people that once had no problem need to install the certificate. I was wondering how to revert the project so EVERYONE can run my application without a certificate.

*This application requires full trust.

Can anyone please help me?

Reading Certificate information in Windows Service

Hi, I have created a Windows service application. While starting the service I try to get the user certificate information using the following code. It returns nothing, but when I call the same code from a Windows application it returns the certificate. Can you provide any suggestion on why the Windows service call is not returning the certificate information? How can we get the certificate information in a Windows service application?

    Dim matchedCertificate As X509Certificate2 = Nothing
    Dim store As New X509Store(searchConfig.StoreName, searchConfig.StoreLocationEnumValue)
    store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)
    Dim matchedCertificates As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
    Dim findValue As Object
    ' Apply all search criteria
    For Each searchCriteria As SearchCriteria In searchConfig.SearchCriteria
        ' Resolve tokens in findValue
        findValue = ResolveTokens(searchCriteria.FindValue)
        matchedCertificates = DirectCast(matchedCertificates.Find(searchCriteria.FindTypeEnumValue, findValue, False), X509Certificate2Collection)
        Trace.WriteLine(String.Format("Found {0} certs with search criteria {1}={2}", matchedCertificates.Count, s

WCF Service Unable to Access Personal Certificate Store Unless Service Account is Logged In

I created a WCF service that has a method which makes a call to a SOAP web service over the internet. In order to make a call to the SOAP web service, it requires that an X.509 certificate be sent with the HttpWebRequest. The X.509 certificates are loaded in the Personal and Trusted Certificate store of the account which the service is running under. When the service account is logged into the server, everything works just fine. However, when the service account is not physically logged onto the server, it has problems loading up the X.509 certificate and fails authentication when trying to make the HttpWebRequest. I am new to WCF services so I don't even know where to start looking. Can anyone please help? Thanks in advance.

C# Client App connecting to WSS3.0 with X.509 certificate

I have been unable to find much information on using smart cards and X.509 certificates when connecting to WSS 3.0. I am able to build a Web Service Reference in VS 2010 just fine. I get prompted for my cert, I select it, enter my PIN and all is well. But I am failing to handle it properly in my app. I created a test method that creates the new WSS List object. I assign System.Net.Credentials.DefaultCredentials to the Credentials. I then call GetListCollection. I am never prompted for my cert, and I get a 500 error back from the server. Everything works fine in IE and when adding the reference, so I think I missed a step, but I cannot figure out what that would be. I am running the app with an account that has no relationship to the authentication domain WSS is part of, so I expected to be prompted for the cert when I tried to connect. Does anyone know how to do this, or can anyone offer up some guidance? Thanks, LD

Authentication: Is UserNamePassword authentication possible without X.509 certificate?

Hi everybody, I want to authenticate my client at my WCF service with username/password credentials. Is it possible to do this without an X.509 certificate (without any certificate at all)? Thanks

SharePoint - Report Server - Client Certificate authentication

Hi, I have a SharePoint site collection which requires client certificates. On the server I have configured Reporting Services in integration mode. I can call reports on other site collections which don't require client certificates but not on the site which does. On the site which requires client certificates the pages fail with the following error message: 'An unexpected error occurred while connecting to the report server. Verify that the report server is available and configured for SharePoint integrated mode. --> The request failed with HTTP status 403: forbidden' The error message indicates that SharePoint doesn't call the web service with a client certificate. Does anyone know how I can configure SharePoint to use a client certificate? Any help is greatly appreciated. Adam

The remote certificate is invalid according to the validation procedure.

When sending email through ASP.NET 2.0 I get the above error message: The remote certificate is invalid according to the validation procedure. How do I rectify this error? Sometimes I also get this error message: Mailbox unavailable. The server response was:: bosauthsmtp15: Host .................... :No unauthenticated relaying permitted

WCF with wsHttpBinding and x509 Certificate - can I use VB/C# to connect with PHP?

We connect to a web service hosted by another company. We send a customer's basic info to the service, and it replies with rates/prices for that customer. I am a PHP guy -- started out playing with basic HTML, then delved into PHP about 8 years ago, and my entire web app is PHP with javascript/ajax mixed in as needed. I'm a learn-as-I-go guy. For the last two years, the service has been an aspx web service, which was easy -- just connect with PHP's SoapClient. Now, the company hosting the service has changed it to WCF, and the binding is wsHttpBinding, and authentication is done via x509 certification. I've determined that PHP's SoapClient can't handle wsHttpBinding. So my first roadblock - how the heck do I connect to this service? I went as far as to install MS Visual Web Developer 2010 Express, and then I used svcutil.exe to create .config and .cs files for the service. But understand, I've never written anything in C# or VB. I've done a few little VBScripts in the past, and I can handle javascript... but I'm looking at these .config and .cs files and thinking, now what the heck do I do with these?? Basically, I just want to connect to this service using PHP and javascript. But since it seems that's impossible (correct?), is there a way I can invoke a VB/C# operation from within my PHP script? For ins

SQL Server not starting - FallBack certificate initialization failed

I cannot start my SQL Server 2008 Express. The problem seemed to start when I changed my "Built In account, Log in as" from Local Service to Local System. If I try to change back to Local Service I get the message box with WMI Provider Error, "Cannot find object or property. [0x80092004]". Getting a bit confused, but I read http://support.microsoft.com/kb/900497, which mentioned that with HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\SuperSocketNetLib, Value name: Certificate, Type: REG_SZ not having a valid value, 2005 would not start - my value is blank. Changing it to 0 did not work. How can I import a valid certificate using SQL Server Configuration Manager? And how do you turn off Forced Encryption? Not sure if this would fix it, but couldn't hurt.

======================================
2009-03-08 01:39:06.01 Server      Error: 17190, Severity: 16, State: 1.
2009-03-08 01:39:06.01 Server      FallBack certificate initialization failed with error code: 1.
2009-03-08 01:39:06.01 Server      Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
2009-03-08 01:39:06.01 Server      Error: 17182, Severity: 16, State: 1.
2009-03-08 01:39:06.01 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to i

Export Encrypted Certificate

Hi, I have successfully created the necessary encryption certificates/keys/master key on a local SQL Server instance. I would now like to export those same settings to a new client instance so that we can do the following: make sure that only licensed users are able to log in to the system. The way I thought I could do this was to create a master encrypted value on our main server and then export this certificate to the client db. Then I would store encrypted values (from our main server) in the client user table. Upon logging into the app, the application would attempt to decrypt these values using the original installed certificate; upon successful decryption to a value that the application will recognise, the user will then be able to log in. Is this sort of thing possible using SQL Server? I have successfully restored the certificate onto a new instance, but upon running the decrypt it does not recognise the encrypted value. Any help/suggestions/links would be most welcome. Thanks in advance