Skip to main content

Connecting to SOAP service with certificate authentication

I have rarely worked with certificate based authentication, so when I got this neat little SOAP service with certificate authentication in my hands I gladly accepted the challenge. All I got was the URL to the service with a certificate and the password. I also got an example written in PHP:

$client = new SoapClient("https://url.to.service/", array(
        'local_cert' => 'client_certificate.pem', 'passphrase' => 'PASSPHRASE',
        'cache_wsdl' => WSDL_CACHE_NONE
));

This of course looks very easy, but we all know that it's not really that easy if I want to use .NET and WCF. First of all the PEM-certificate cannot natively be used in .NET. Second of all I don't have the WSDL for the service. Here are the steps I had to go through to be able to successfully connect to the SOAP service.

Convert the certificate
The certificate I received was a PEM certificate which included both the private and public key. .NET does not natively support the PEM format, so I had to convert the certificate to a type that is usable in my application. For this purpose I used Win32OpenSSL and the command is really straight forward:

openssl pkcs12 -export -in client_certificate.pem -out client_certificate.pfx

I was prompted for the current password and then prompted to enter a password for the new certificate. This results in a PFX certificate ready to use in .NET and that is compatible with the SOAP service.

Connecting to the service
By installing the PFX-certificate in the certificate store on my computer I am able to connect to the service URL. This also means that I can use the Add service reference Wizard in Visual Studio to generate the service client classes. However, I don't want to make the users install the certificate on their computers, but instead include the certificate in the application that will consume the service.

Another issue is that the SSL-certificate is not issued by a trusted source. This means that a secure connection cannot be established. An ugly but surely effective hack is to override the ServerCertificateValidationCallback and simply returning true for all certificates on validation. Note that this override is effective for the entire application!

ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

When that little obstacle is overcome, it is actually a very straight path to connect to the service. First we will have to add the certificate to the solution and set it as Embedded Resource. The next step is to read the resource and add the certificate to the service binding.

var resource = typeof(MyService).Assembly.GetManifestResourceStream("client_certificate.pfx");
using(var stream = new MemoryStream())
{
    resource.CopyTo(stream);
    _certificate = new X509Certificate2(stream.ToArray(), "PASSWORD");
}

When connecting all we need to do is create a BasicHttpBinding and setting the ClientCredentialType to Certificate. We also have to add the certificate to the ClientCertificate property on the service.

public void Connect()
{
    var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

    var endpointAddress = new EndpointAddress("https://url.to.service/");

    _service = new ServiceClient(binding, endpointAddress);
    _service.ClientCredentials.ClientCertificate.Certificate = _certificate;
    _service.Open();
}

That is about everything that needs to be done. With the certificate added to the project and to the binding the authentication is handled with the certificate and the supplied password. The service works great on any computer without having to install the certificate or entering any credentials. Of course this is not the most secure solution out there, but it sure gets the job done!

Comments

Popular posts from this blog

Moving to the cloud - part 1

I cannot with words describe the hype around the cloud today, and of course I had to join the croud. I have transferred all my applications, files and services to the cloud. I thought I would share some of the experiences and difficulties I have hit during my jourey. These are the steps I have performed in order to complete my move to the cloud: Most of my files are safely stored with  Dropbox . E-mail accounts for stodell.se  were moved from service provider to  Google Apps . The Cornball was moved from service provider to  Windows Azure och SQL Azure . This blog was moved from Wordpress at a service provider to  Google's Blogger . Even though  Loopia has been a great service provider during many years I have now been able to cancel all my services except the domain hosting with them. The replacement being free services and the Azure capacity that is included in the MSDN subscription.

Binding a HTML-formatted string to a WPF WebBrowser control

Sometimes there is a need to display a HTML formatted string in a WPF application. There are a couple of ways to do this, but the most stright forward is to use a WebBrowser control and the NavigateToString method. This approach has one big flaw, you cannot use binding to a string out of the box, but I found a great solution through Stack Overflow which adds a bindable property to the  WebBrowser  control using  NavigateToString . The following class is all that is needed to add that behavior. A new depencency property named Html is introduced to the  WebBrowser  and the proper change action is performed in the OnHtmlChanged method. public class BrowserBehavior { public static readonly DependencyProperty HtmlProperty = DependencyProperty.RegisterAttached( "Html", typeof(string), typeof(BrowserBehavior), new FrameworkPropertyMetadata(OnHtmlChanged)); [AttachedPropertyBrowsableForType(typeof(WebBrowser))] public static string GetHtml(WebBrowser bro

Getting started with Silverlight

In my work with the Cornball as my first Silverlight project I have had to solve a huge amount of problems which turned out to be quite a high threshold before I could get started with the development for real. Not the least in the difference between a WinForms application and a Silverlight application. In this post I will mention a couple of the things i encountered. Splash Screen/Preloader The builtin preloader in Silverlight does not look too bad, but it is definately more fun to create a custom preloader to fit with the rest of the application. I choose to create a very simple but functional preloader. First I had to include all the images as resources in the application for the preloader to actually have a purpose. By adding the images to the project and select Resource as Build Action the images will be included in the XAP-file. To show the images in the application, something of the following will do. XAML <Image Name="Card" Source="/SilverlightApplicatio