.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

troubleshooting client certificate authentication issues

Posted By:      Posted Date: October 14, 2010    Points: 0   Category :WCF


i am using self created certs for client authentication. for one of the cert it works fine but ith another cert it does work. i get an error, can't rer connect to server.

is there any way/tool to troubleshoot cert issue?



View Complete Post

More Related Resource Links

SharePoint - Report Server - Client Certificate authentication

Hi,I have a SharePoint site collection which requires client certificates. On the server I have configured Reporting Services in integration mode.I can call reports on other site collections which don't require client certificates but not on the site which does. On the site which requires client certificates the pages fail with the following error message:'An unexpected error occurred while connecting to the report server. Verify that the report server is available and configured for SharePoint integrated mode. --> The request failed with HTTP status 403: forbidden'The error message indicates that SharePoint doesn't call the web service with a client certificate. Does anyone know how I can configure SharePoint to use a client certificate?Any help is greatly appreciated.Adam

WCF Service to WSE Client - Certificate authentication over SSL

I am trying to access a WCF service with a WSE 3.0 client over SSL using certificate authentication.  I can do it over an unsecured channel using a customBinding on the service side using the MutualCertificate authentication mode and the turnkey policy assertion mutualCertificate11Security on the client side.  This breaks when I move it to a production environment accessible only by SSL and either (1) change nothing in the server config file--connection gets refused because it is not https--or by (2) changing the server custom binding to CertificateOverTransport--client errors with this:  System.InvalidOperationException: Security requirements are not satisfied because the security header is not present in the incoming message.

My question is simply, how do I access a WCF service over SSL using certificate authentication?


how to catch certificate authentication and authorization errors in client


How can i know at client side that my request to wcf service(with certificate authentication over nettcp) has failed because of authentication or authorization.

i think authentication can fail if the certificate is not a valid certificate(ie date has expired). For authorization i have implemented ServcieAuthorizationmanger and returning true/false. how wcf will transfer this to authrization error.



SharePoint 2010 & Client Certificate Authentication



we have upgraded our WSS 3.2 installation to Sharepoint Foundation 2010 and have trouble with authentication over client certificates (works perfect with WSS 3.2).

You can reproduce this with a fresh install of SharePoint Foundation 2010 on Windows Server 2008 R2. Create an application and set in IIS authentication to Client Certificates. Then create a site with one document library and upload at least two documents. Then check all items in list view and try to delete this documents over delete-button in ribbon (not over context menu). At this point i get a javascript error:

Message: Object expected
Line: 2
Char: 20732
Code: 0
URI: https://XXXX/_layouts/inplview.js?rev=AohvE9XEf%2FI78tuaw1TGAA%3D%3D

I found following HTTP 500 error in IIS-Log:

2010-05-21 13:20:01 POST /_vti_bin/client.svc/ProcessQuery - 443 XXXX\XXX 192.168.XXX.XXX Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+InfoPath.2;+.NET4.0C;+.NET4.0E) 500 0 0 188

If i switch authentication in IIS to Windows Authentication i get no error (HTTP Status Code = 200).

Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr


This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000

Looking for a simple Service and Console Client REST sample implementing BASIC authentication


Does anyone know of a C# code sample demonstrating WCF REST services and console test client with OperationContracts (GET and POST) implementing mutiple paramaters using BASIC authentication? Also, perhaps, using Fiddler as a test client as well? I have searched high and low for something like this, but have not had any success.

sslstream client certificate validation error

Hi,I have taken server and client program from MSDN2 for sslstream. in that code client certifiacte authetication is made false  i want to enable that and do the code i have done some modification to the code but is giving error "RemoteCertificateNotAvailable" and i think that its not getting the client certificate at server side.So please can any one help me to do client server program using sslstream in which client certificate also needs to be validated.I am attaching my modified code of MSDN2Server sideusing System;using System.Collections;using System.Net;using System.Net.Sockets;using System.Net.Security;using System.Security.Authentication;using System.Text;using System.Security.Cryptography.X509Certificates;using System.IO;namespace Examples.System.Net{    public sealed class SslTcpServer     {        static X509Certificate serverCertificate = null;        // The certificate parameter specifies the name of the file         // containing the machine certificate.        // The following method is invoked by the RemoteCertificateValidationDelegate.        public static bool ValidateClientCertificate(              object sender,              X509Certificate certificate,              X509Chain chain,              SslPolicyErrors sslPolicyErrors)        {            SslPolicyErrors errors = sslPolicyErrors;            if (errors != SslPolicyErrors.None)            {

authentication issues using exchange web service within sql CLR functions

Hi Hope this is the right forum for this question, we have a VB assembly we have written to perform simple email functions via calls to EWS. We use a high level user who has rights to impersonate the normal exchange users, and this usually works OK, but what we are seeing is that occasional email messages are being created in the wrong user's draft folders. We belive this is because the impersonating account information is getting overwritten within our code when multiple users access the functions at the same time Example call to the WS is... <Microsoft.SqlServer.Server.SqlProcedure()> _ Public Shared Sub InsertEmail( _ ByVal Impersonate As String, _ ByVal Subject As String, _ ByVal Body As String, _ ByVal ToAddress As String, _ ByVal CCAddress As String, _ ByVal BCCAddress As String, _ ByVal HTMLEmail As Boolean, _ <Out()> ByRef ItemID As String, _ <Out()> ByRef ChangeKey As String) 'ByVal CCAddress As String, _ 'ByVal BCCAdddress As String, _ Using esb As Helper = New Helper(Impersonate) ' Create the CreateItem request. Dim createEmailRequest As New ews.CreateItemType() ' Specifiy how the e-mail will be handled. createEmailRequest.MessageDisposition = ews.MessageDispositionType.SaveOnly createEmailRequest.MessageDispositionSpecified

connect client certificate to an account in a membership database

Hello I have created a web service that authenticates with username and password, works fine.Basically this one, http://msdn.microsoft.com/en-us/library/ff649647.aspxNow I also want to connect to this web service using client certificates, works finehttp://msdn.microsoft.com/en-us/library/cc948997.aspx But I would like to when authenticated via client certificates, connect that certificate to a user in the membership database.So that I can use Roles.IsUserInRole(...) and such.I thought that, well if I implement a Custom certificate Validatorhttp://msdn.microsoft.com/en-us/library/ms733806.aspxthen I could check for example subject and map that against a created username in the membership database.But in the class X509CertificateValidatorpublic override void Validate(X509Certificate2 certificate)I don't have the same ability as when the user is authenticatedlike  void OnAuthenticateRequest(object source, EventArgs eventArgs)HttpApplication app = (HttpApplication)source;Basically how can I do this app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Membership Provider"),roles);withinpublic override void Validate(X509Certificate2 certificate)and if that is not possible, can this be solved differently?Bottom line, how do I connect a client certificate to a user account in the membership database. Is there a MSDN article

Troubleshooting IIS 7 network performance issues and TCP Chimney Offload, Receive Side Scaling, and

There is a lot of posts on http://forums.iis.net related to network performance.  Actually, there was two today!.  The problems can be different, but the common thread seems to be network performance.  Windows Server 2008 (and R2) enabled a new network feature by default which has been referred to as "Scalable Networking Pak".  Some people refer to the feature as TCP Chimney Offload.  Either way, in my experience this feature causes more issues than it solves.  If you are having a network related issue or performance, this is a easy setting to check and verify if disabling portions or all of them can resolve the issue.   KB article on TCP Chimney Offloadhttp://technet.microsoft.com/en-us/network/dd277645.aspx KB Article how to show your settings and disablehttp://support.microsoft.com/kb/951037 I strongly encourage test these changes in a non-production environment before making changes to your production systems! Enjoy, Steve SchofieldMicrosoft MVP - IIS

Getting client information from X.509 certificate in C# code

I have a WCF service which accepts X.509 certificate signed incoming messages. As per my understanding the client will send the message with signature encrypted using his private key and web services will decrypt the signature with client's public key. This ensures that the sender of the message is holder of the private key and that he is certified by the server trusted CA as "He is what he claims to be". It's being a highly secure application I need to give access to only certain clients regardless of whether they are trusted or not. (This is to take care of good turned bad scenario :-)) How do I achieve this? Is there any way to get the client information as subject name etc from his certificate in C# code? Is there any example of this usage? Thanks in advance,Jeet.    

Client object model Authentication.

  Sorry for my bad english. With WPF, I can get authentication using below code             ClientContext clientContext = new ClientContext("URL");             clientContext.AuthenticationMode = ClientAuthenticationMode.Default;             NetworkCredential credential = new NetworkCredential("ID", "PASSWORD", "URL");             clientContext.Credentials = credential; But with silverlight, I can't find AuthenticationMode property with ClientContext.   I want to get authentication using client object model with silverlight. Can anybody help me?   thanks!!   

C# Client App connecting to WSS3.0 with X.509 certificate

I have been unable to find much information on using smart cards and X.509 certificates when connecting to WSS 3.0.  I am able to build a Web Service Reference in VS 2010 just fine.  I get prompted for my cert, I select it, enter my pin and all is well.  But I am failing to handle it properly in my app.  I created a test method that creates the new WSS List object.  I assign System.Net.Credentials.DefaultCredentials to the Credentials. I then call GetListCollection.  I am never prompted for my cert, and I get a 500 error back from the server.  Everything works fine in IE and adding the reference so I think I missed a step, but I cannot figure out what that would be. I running the app with an account that has no relationship to the authentication domain WSS is part of, so I expected to be prompted for the cert when I tried to connect. Does anyone know how to do this, or offer up some guidance.  Thanks, LD

Authentication: Is UserNamePassword authentication possible without X.509 certificate?

Hi ever body I want to authenticate my client at my WCF service with username/password credentials. Is it possible to do this without a X.509 certificate (without any certificate at all)? Thanks  

Client/Server Authentication

Dear All,   I have a client/server socket application that enables file transfer between the client and the server, however, i want the client to be authenticated with the server before a file is transferred. the client should prompt for a user name and password which is used for authentication with the server. The server should be configured with user name/password pairs so that it is able to authenticate client. I have been searching for related work for quite sometime now but haven't come across anything close to this yet. Please i want any1 to help me settle this issues, i would appreciate if i am directed to an article or any other resources that is helpful, or pasting sample code/ uploading sample application would be of greatest help..Thank you all in advance. Regards, Mbgreat.

x509 - Client Certificate infrastructure for Asp.Net question

I dont have a lot of background with SSL and X509 configuration and support with my Asp.Net application, so I was wondering if someone can explain or point me in the right direction to MSDN or any other article or posting explaining if it's possible to do what I am looking to support in my environment.I have IIS 6.0 with SSL (Verisign cert) as well as "Require client certificates" working against a local installation of Microsoft Certificate Services, https://<domain>/certsrv, where users can request and install client certs (both xp clients for basic mode, and Vista/7 for advance mode).Here's what I am up against:I have a segment of users coming from a virtualized server environment where this environment does not store personal settings for more than 48 hours. It's not an internet cafe, but rather an actual business where their IT staff uses server images to reimage each virtual server in the farm every 48hrs. Thus losing all users data in the "Current Users" Certificate Stores.The IT staff give users a network folder share to store any personal items (docs, spreadsheets, links, etc.). The servers consist of Windows Server 2003, and will be migrating to Windows Server 2008 in the next 6-9 months.These users have rights in Internet Explorer to navigate to my certsrv site and use activex to to request and install certificates then clode and

The HTTP request is unauthorized with client authentication scheme 'Anonymous'

I am trying to do a soap request from a WebCTRL server. I went to add a service reference, entered the URL to my wsdl and (after prompting me for a username and password) it added the reference and I can create an instance of the service object and makes calls against it.   Dim eval As New WebCTRL_Eval.EvalClient eval.Open() Debug.Print(eval.getValue("#reception_40/lstat"))   I get this back from the server, on open and getvalue.   The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="SOAP Access"'.   I understand that it is the HTTP authentication that I need to setup or configure, but just dont understand how to do it.   I have tried eval.ClientCredentials.UserName.UserName = "myusername" eval.ClientCredentials.UserName.Password = "mypassword"   How do I change the client authentication scheme and provide my credentials to it?   Here is what is on my app.config file.   <system.serviceModel>  <bindings>   <wsHttpBinding>    <binding name="EvalSoapBinding"     bypassProxyOnLocal="false"     transactionFlow="false"     hostNameComparisonMode="StrongWildcard"     maxBufferPoolSize="524288"     maxReceivedMessageSize="65536"     messageEncoding="Text"
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend