x.509 Certificates

  • Thread starter Thread starter GaryDean
  • Start date Start date
G

GaryDean

I have to write an asp.net app that uses a web service requiring x.509
certificates. Are there any good docs on how to do this both in code and on
the server. Most of the stuff I'm finding through google is old 1.1 docs.
I have the certificate.
 
Much of that will still work, although another option is to look at WCF docs
with SOAP as the transport mechanism. The consumption is very similar and it
may also convince you that WCF is a better model for you, as you can create
binary contracts for your own consumption, while still leaving the SOAP
contracts for people outside of your domain.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
 
Hi Gary,

As for using Certificate in Webservice, I'd like to confirm the detailed
problem scenario in your environment.

Generally, you can use x509 certificate for authentication via using the
https/ssl transport layer security. For example, you can setup the
webservice in IIS to se ssl/https. And you can supply certificate in client
code (if server-side require client to provide certificate). Here are some
reference article on this:


#How to call a Web service by using a client certificate for authentication
in an ASP.NET Web application
http://support.microsoft.com/?id=901183

#Using client certificates with ASP.NET
http://geekswithblogs.net/lorint/archive/2005/12/30/64516.aspx

If you want to use X509 certificate to perform custom security (such as
encryption or signing), ASP.NET webservice doesn't directly certificate
integrity. There is an add-on component called "Web Service Enhancement"
(so far the latest version is 3.0 for .net framework 2.0). You can use it
to add certiciate and message layer securityt functionality for your
Webservice:

#Security Features in WSE 3.0
http://msdn.microsoft.com/en-us/magazine/cc300773.aspx

#Implementing Message Layer Security with X.509 Certificates in WSE 3.0
http://msdn.microsoft.com/en-us/library/aa480581.aspx

BTW, will WCF also be a possible option for you as Gregory suggested? So
far WSE is not updating and WCF provide more support on security such as
certificate.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
 
Steven:
The article 901183 is one of those excellent "how to" articles but, like all
the others, it is for WSE 2.0. All I can find for WSE 3.0 is MSDN docs and
a book (that I ordered). Maybe this is the time to jump into WCF. Thanks
for all these links.
 
Thanks for your reply Gary,

For WSE 3.0, most of the examples and quick start reference has been
included in the SDK (document and samples), you can download it and install
with full version to get them.

#Web Services Enhancements (WSE) 3.0 for Microsoft .NET
http://www.microsoft.com/downloads/details.aspx?familyid=018a09fd-3a74-43c5-
8ec1-8d789091255d&displaylang=en

and here is another blog entry which include some further get started
resource:

#So you want to learn WSE 3.0? A short primer on how and where to start.
http://blogs.msdn.com/mfussell/archive/2006/05/25/607820.aspx

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).


--------
From: "GaryDean" <[email protected]>
References: <[email protected]>
Subject: Re: x.509 Certificates
Date: Mon, 25 Aug 2008 06:44:50 -0700
 
Hi Gary,

Have you tried the examples in the WSE 3.0 sdk or do you have any further
questions on this?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
From: (e-mail address removed) (Steven Cheng [MSFT])
Organization: Microsoft
Date: Tue, 26 Aug 2008 02:22:28 GMT
Subject: Re: x.509 Certificates
 
Back
Top