SOAP access denied when IIS set to required client certificate

  • Thread starter Thread starter Bob
  • Start date Start date
B

Bob

I'm building a .NET web service which requires client certificate for strong
security. I set IIS to require SSL and client certificate (under site
properties in IIS admin, Directory Security tab, Secure Communication,
Edit... button. then check Require Secure Channel and Require Client
Certificates). Then in my client side code, I add my client certificate to
the property HttpWebClientProtocol.Certificates. However, I keep getting a
"Access Forbidden" error (System.Net.WebException) when I run the client,
which is a .NET Windows application.

I know the client certificate is good, because when I access the site from
IE, it prompts me for a client certificate, and it goes through ok after I
select the certificate. Also I know the cleint certificate is valid and
seems to be sent over to the server, as I created another web service to
only take signed SOAP message using the client certificate (with WSE 1.0),
and it correctly recognize the signiture. Seems to me the .NET part works
fine, but for whatever reason IIS can't seem to recognize the client
certificate sent over. As soon as I uncheck "Require Client Certificate" in
IIS, the call goes through (so the server SSL is good too).

I have exhausted everything I can think of. Can anyone give me some
suggestions?

Thanks a lot
Bob
 
Back
Top