H
hepsubah
I'm trying to capture a client cert in my ASP.NET application, and use
that cert as the client cert for a call to secure web service.
I've used the following code, but am getting a 403 error on the
invocation of the service. All the service is supposed to do is
return the subject of the passed cert (I'll do more with it later)
-----------------------------------------------------------------------------------------------------------------------------------------
protected void Page_Load(object sender, EventArgs e)
{
// Capture Client Certificate
HttpClientCertificate cs = Request.ClientCertificate;
string svcres;
try
{
// Create X509 Cert from Client Cert
X509Certificate x509 = new
X509Certificate(cs.Certificate);
// Instantiate the Servive
TestCertService.Service ts = new
TestCertService.Service();
// Add the Captured Cert
ts.ClientCertificates.Add(x509);
// Invoke the Service
svcres = ts.CertSubject();
Response.Write("<br><br><br>Cert from Service<br>");
Response.Write("-------------------------------------------------------
<br>");
Response.Write("Subject = " + svcres + "<br>");
}
catch (Exception ex)
{
if (ex is WebException)
{
WebException we = ex as WebException;
Response.Write("WebError Invoking Service = Message:"
+ we.Message + "<br>");
}
else
{
Response.Write("Error Invoking Service = Message:" +
ex.Message + "<br>");
}
}
-------------------------------------------------------------------------------------------------------------------------------------------------
Is this approach sound?
Is this a security issue?
Any help would be appreciated
that cert as the client cert for a call to secure web service.
I've used the following code, but am getting a 403 error on the
invocation of the service. All the service is supposed to do is
return the subject of the passed cert (I'll do more with it later)
-----------------------------------------------------------------------------------------------------------------------------------------
protected void Page_Load(object sender, EventArgs e)
{
// Capture Client Certificate
HttpClientCertificate cs = Request.ClientCertificate;
string svcres;
try
{
// Create X509 Cert from Client Cert
X509Certificate x509 = new
X509Certificate(cs.Certificate);
// Instantiate the Servive
TestCertService.Service ts = new
TestCertService.Service();
// Add the Captured Cert
ts.ClientCertificates.Add(x509);
// Invoke the Service
svcres = ts.CertSubject();
Response.Write("<br><br><br>Cert from Service<br>");
Response.Write("-------------------------------------------------------
<br>");
Response.Write("Subject = " + svcres + "<br>");
}
catch (Exception ex)
{
if (ex is WebException)
{
WebException we = ex as WebException;
Response.Write("WebError Invoking Service = Message:"
+ we.Message + "<br>");
}
else
{
Response.Write("Error Invoking Service = Message:" +
ex.Message + "<br>");
}
}
-------------------------------------------------------------------------------------------------------------------------------------------------
Is this approach sound?
Is this a security issue?
Any help would be appreciated