Skip to main content

Connecting to SOAP service with certificate authentication

I have rarely worked with certificate based authentication, so when I got this neat little SOAP service with certificate authentication in my hands I gladly accepted the challenge. All I got was the URL to the service with a certificate and the password. I also got an example written in PHP:

$client = new SoapClient("https://url.to.service/", array(
        'local_cert' => 'client_certificate.pem', 'passphrase' => 'PASSPHRASE',
        'cache_wsdl' => WSDL_CACHE_NONE
));

This of course looks very easy, but we all know that it's not really that easy if I want to use .NET and WCF. First of all the PEM-certificate cannot natively be used in .NET. Second of all I don't have the WSDL for the service. Here are the steps I had to go through to be able to successfully connect to the SOAP service.

 Convert the certificate
The certificate I received was a PEM certificate which included both the private and public key. .NET does not natively support the PEM format, so I had to convert the certificate to a type that is usable in my application. For this purpose I used Win32OpenSSL and the command is really straight forward:

openssl pkcs12 -export -in client_certificate.pem -out client_certificate.pfx

I was prompted for the current password and then prompted to enter a password for the new certificate. This results in a PFX certificate ready to use in .NET and that is compatible with the SOAP service.

Connecting to the service
By installing the PFX-certificate in the certificate store on my computer I am able to connect to the service URL. This also means that I can use the Add service reference Wizard in Visual Studio to generate the service client classes. However, I don't want to make the users install the certificate on their computers, but instead include the certificate in the application that will consume the service.

Another issue is that the SSL-certificate is not issued by a trusted source. This means that a secure connection cannot be established. An ugly but surely effective hack is to override the ServerCertificateValidationCallback and simply returning true for all certificates on validation. Note that this override is effective for the entire application!

ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

When that little obstacle is overcome, it is actually a very straight path to connect to the service. First we will have to add the certificate to the solution and set it as Embedded Resource. The next step is to read the resource and add the certificate to the service binding.

var resource = typeof(MyService).Assembly.GetManifestResourceStream("client_certificate.pfx");
using(var stream = new MemoryStream())
{
    resource.CopyTo(stream);
    _certificate = new X509Certificate2(stream.ToArray(), "PASSWORD");
}

When connecting all we need to do is create a BasicHttpBinding and setting the ClientCredentialType to Certificate. We also have to add the certificate to the ClientCertificate property on the service.

public void Connect()
{
    var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

    var endpointAddress = new EndpointAddress("https://url.to.service/");

    _service = new ServiceClient(binding, endpointAddress);
    _service.ClientCredentials.ClientCertificate.Certificate = _certificate;
    _service.Open();
}

That is about everything that needs to be done. With the certificate added to the project and to the binding the authentication is handled with the certificate and the supplied password. The service works great on any computer without having to install the certificate or entering any credentials. Of course this is not the most secure solution out there, but it sure gets the job done!
Labels:

Comments

Post a Comment

Popular posts from this blog

The Cornball goes to Brunch with Chaplin

Lately I've been working pretty hard on different projects but not really stumbling upon anything blogworthy. The most recent project is quite interesting though, a single page, touch friendly, web application using the latest and greatest technologies. We've ended up with using Brunch with Chaplin , which is a very neat way of setting up a Backbone based single page web project with Brunch and Chaplin . Aside from this, I have my own little project that has lived on for almost 15 years already, The Cornball . From being a plain Windows application written i C an Win32 API, it has been ported to .NET using WPF, and is currently a Silverlight application hosted on Windows Azure. I could not find a better time to reanimate this project and create a new web based version, touch friendly, super optimized, awesome in any way. So I did... So please follow my journey at Github . It's going to take a while, I assure you, but I already have some ground work done. Meanwhile,...
3 comments
Read more

Using ASP.NET MVC with MEF

I wrote this post almost a year ago, but never published it for some reason. Anyway, here is a little MVC/MEF magic. By default a controller in MVC must have a parameterless constructor. When using MEF a good practice is to inject the services via constructor parameters. These two in combination obviously creates an issue where the following scenario will not work out of the box, since there is no parameterless constructor for  MVC  to use. Note that the PartCreationPolicy is set to NonShared since a new controller have to be initialized for each request. [Export] [PartCreationPolicy(CreationPolicy.NonShared)] public class HomeController : Controller {     private readonly IServiceClient _service;     [ImportingConstructor]     public HomeController(IServiceClient service)     {         _service = service;     }     public ActionResult Index()     {         ...
2 comments
Read more

Bindable RichTextBox with HTML conversion in WPF

In WPF , the RichTextBox  control is not really like other controls. Due to its flexible nature, there is no built in way of binding a property to the content. In this case, I wanted a simple  RichTextBox  control with a binding to an HTML formatted string to be able to use the built-in formatting features of the  RichTextBox  and allow users to create simple HTML formatted content. First, doing the conversion on-the-fly proved to have major performance issues, so I ended up binding the content to a XAML string. The XAML to HTML conversion can be performed at any time. I created a UserControl with a bindable Text-property. The view contains a  RichTextBox  control. <RichTextBox x:Name="richTextBox" TextChanged="OnRichTextBoxChanged"> The source code for the user control contains the Text property and the methods to handle the binding. public static readonly DependencyProperty TextProperty = DependencyProperty.Register( "Te...
Post a Comment
Read more