Could not establish secure channel for SSL/TLS with authority when calling third party web service along with certificate

My project uses Visual Studio 2010 and is a web application project with C#. I added a web reference for the web service.

I'm getting "could not establish secure channel for SSL/TLS with authority" when I try to access a third-party web service with a certificate on my UAT server. The certificate was expired. I've already added the trusted root cert and personal cert for local computer and current user. It works when I call it from a web service application but not from a web application.

Below is the code I used to add the certificate when calling the web service and bypass the certificate error.

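// Requires: using System.Security.Cryptography.X509Certificates;
AServiceReference.AServiceClient client = new AServiceReference.AServiceClient();

// Load the client certificate (file name and password) and attach it to the proxy.
X509Certificate2 cert = new X509Certificate2("CERTIFICATE","PASSWORD");
client.ClientCredentials.ClientCertificate.Certificate = cert;

// Accepts every server certificate for all HTTPS requests in this process (the bypass mentioned above).
System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };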

Add this in your web.config file and you will be fine probably:

<bindings>
  <basicHttpBinding>
    <binding name="xxxBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

When I was tasked with attaching a client cert I was able to do it in one of two ways. It doesn't look like you're actually attaching the client cert (if you are using one) anywhere.

1: through code like you've been doing

proxyClient.ClientCredentials.ClientCertificate.SetCertificate(
     StoreLocation.CurrentUser,
     StoreName.My,
     X509FindType.FindByThumbprint,
     "6D0DBF387484B25A16D0E3E53DBB178A366DA954");

2: through configuration in the web/app.config file.

<behaviors>
  <endpointBehaviors>
    <behavior name="ohBehave">
      <clientCredentials useIdentityConfiguration="false">
        <clientCertificate findValue="c6dafea24197cd6a6f13e846ffcdf70220d23ec2" storeLocation="CurrentUser"
          x509FindType="FindByThumbprint" />            
      </clientCredentials>          
    </behavior>
  </endpointBehaviors>
</behaviors>

<client>
  <endpoint address="https://myservice.ca/SubmitService/Submit.svc"
    behaviorConfiguration="ohBehave" binding="customBinding" bindingConfiguration="SubmitBinding"
    contract="SubmitService.Submit" name="SubmitDev" />
</client>

As long as the cert is in the store specified it should be getting attached.

I also had to use a customBinding in my .config file since we wanted to pass credentials as well (note the httpsTransport node for client certs):

    <binding name="SubmitBinding">
      <security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport"
        requireDerivedKeys="true" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <localClientSettings detectReplays="false" />
        <localServiceSettings detectReplays="false" />
      </security>
      <textMessageEncoding messageVersion="Soap11">
        <readerQuotas maxDepth="32" maxStringContentLength="200000000"
          maxArrayLength="200000000" maxBytesPerRead="200000000" />
      </textMessageEncoding>
      <httpsTransport maxBufferPoolSize="200000000" maxReceivedMessageSize="200000000"
        maxBufferSize="200000000" requireClientCertificate="true" />
    </binding>
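
An added example, not code from the original posts: instead of the question's `delegate { return true; }`, which accepts any server certificate for every HTTPS call in the process, this callback tolerates only an expired certificate from one host whose thumbprint is pinned, and logs the chain errors it sees. The host name and thumbprint are placeholders, the class and method names are hypothetical, and it assumes the callback's sender is the `HttpWebRequest`, as on .NET Framework.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class ScopedServerCertValidation
{
    // Placeholders (assumptions): replace with the UAT host and its certificate thumbprint.
    private const string PinnedHost = "uat.example.invalid";
    private const string PinnedThumbprint = "SERVER-CERT-THUMBPRINT-PLACEHOLDER";

    // Call once at startup instead of assigning "delegate { return true; }".
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // normal validation succeeded, nothing to override

        // Record why validation failed so the real cause is visible in the trace log.
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Trace.TraceWarning("TLS chain error {0}: {1}", s.Status, s.StatusInformation);

        // A name mismatch or a missing certificate is never tolerated.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors ||
            certificate == null || chain == null || chain.ChainStatus.Length == 0)
            return false;

        // The only chain problem tolerated is expiry (NotTimeValid).
        bool onlyExpired = chain.ChainStatus.All(
            s => s.Status == X509ChainStatusFlags.NotTimeValid);

        // Assumption: sender is the HttpWebRequest (.NET Framework behaviour).
        HttpWebRequest request = sender as HttpWebRequest;
        bool hostMatches = request != null && string.Equals(
            request.RequestUri.Host, PinnedHost, StringComparison.OrdinalIgnoreCase);

        bool pinMatches = string.Equals(new X509Certificate2(certificate).Thumbprint,
            PinnedThumbprint, StringComparison.OrdinalIgnoreCase);

        return onlyExpired && hostMatches && pinMatches;
    }
}
```

The traced chain status also shows whether the handshake failure comes from expiry, an untrusted root, or something else, which helps when the same call works from one application but not another.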

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.