I have a web service (asmx) that is being called by winforms client application. Currently, I am using a shared SSL with the web service that is being called by winforms client, not sure how secure is that. But, I would like to implement SSL Certificate security to validate client requests that will come from Winforms application installed at client location.

I am looking for some good guidelines/links which can give me end-to-end details of such implementation for web service both at client side (winforms app - how to use cert and call web services) and server side (install cert on IIS server etc.). Can someone help me provide right links/details for such implementation?

Note: I would love to use latest WCF services for such implementation and may go with it if it's simple enough. However, if not simple and due to time constraints, I want to continue using 2.0 based asmx web services for now as a first priority.

- .NET Framework version 4.0 is used on web application where web service is hosted
- Winforms Client application is using .NET Framework 3.5.
Updated 15-Mar-17 3:35am
Comments
[no name] 26-Sep-13 10:33am    
Thanks for the link but I am looking for end-to-end solution with some code snippets and screenshots. Is there any?
Sergey Alexandrovich Kryukov 26-Sep-13 12:23pm    
I am not sure. Sorry, but the real end-to-end solution is the one you create, as a software developer. This is where our forum helps...
—SA
[no name] 30-Sep-13 21:34pm    
I bought the SSL certificate for my domain (www.mydomain.com) and installed the certificate on my hosting site. Now, I am trying to add the client certificate file (mydomain.cer) on web service call from windows client but it gives me a CryptographicException: "The index value is not valid." on the following line.


string certPath = "C:\\MyProjects\\WinApp1\\mydomain.cer";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);

Can anyone please advise?
[no name] 30-Sep-13 22:08pm    
Update: I used Comodo InstantSSL certificate and contacted them. They sent me another few files with extension crt. So, instead of using .CER file, when I used .CRT file, the following code worked and I was able to create the cert from file.

string certPath = "C:\\MyProjects\\WinApp1\\mydomain.CRT";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);

Next, while calling my web service method, I am getting the following error.

System.Web.Services.Protocols.SoapException: Server did not recognize the value of HTTP Header SOAPAction:
[no name] 1-Oct-13 10:36am    
So, found that I had to update the web service reference in my winforms application, maybe because the website now contains SSL certificate and changes. After applying changes, I was able to call web service using Client Certificate, using below code.

string certPath = "C:\\MyProjects\\WinApp1\\mydomain.CRT";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);

service.ClientCertificates.Add(cert);
string resultString = service.ServiceMethod(param1);

Note: I am updating my responses here so that it can be helpful to those very new to such implementation.
Well, I could not find any articles with end to end solution so I had to move forward with my own research/trial-error method.

To try out, I bought the FREE SSL certificate for my domain (www.mydomain.com).

Note: Free SSL Certificate for 90 Days is available from COMODO website. Their support team is great and helps you troubleshoot any issues for installation etc. You will also need to contact your hosting provider to generate CSR (Certificate Signing Request) and provide to you. You can take the CSR to Comodo website and submit an order for cert. Your cert will be emailed to you soon.

So, I installed the certificate on my site by contacting support team of my hosting provider. I tested my site and see the locked icon and certificate information. So far so good.

Now, I wanted to use client certificate file (mydomain.cer) to call web service hosted on my website which will be called from windows client. I added following code.

C#
string certPath = "C:\\MyProjects\\WinApp1\\mydomain.cer";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);


While debugging, I found the following error on 2nd line.

CryptographicException: "The index value is not valid."

I could not find anything specific about below error on Google too :( so I contacted Comodo support team. They sent me another file with extension .CRT instead of .CER.

So, I applied following changes to the code and it worked.

C#
string certPath = "C:\\MyProjects\\WinApp1\\mydomain.CRT";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);


Next, I added code to add certificate and call the web service method.

C#
service.ClientCertificates.Add(cert);
string resultString = service.ServiceMethod(param1);


However, I got the following error this time.

System.Web.Services.Protocols.SoapException: Server did not recognize the value of HTTP Header SOAPAction:

So, I found that I had to update the web service reference in my winforms application, maybe because the website now contains SSL certificate and changes etc.

Right Click on Web Reference and click on "Update Web Reference".

After applying changes, I was able to call web service using Client Certificate, using below code.

C#
string certPath = "C:\\MyProjects\\WinApp1\\mydomain.CRT";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);

service.ClientCertificates.Add(cert);
string resultString = service.ServiceMethod(param1);


Hope it helps someone.
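
An added example, not part of the original answer or the poster's code: a .cer/.crt file contains only the public certificate, while TLS client authentication needs a certificate whose private key is available on the client, so the code below loads one from the Windows certificate store and checks `HasPrivateKey` before attaching it to the ASMX proxy. The class name `ClientCertHelper`, the thumbprint placeholder, and the assumption that IIS is set to require client certificates for the service are illustrative and not from the page.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web.Services.Protocols;

// Hypothetical helper (not from the page); compiles against .NET Framework 3.5.
static class ClientCertHelper
{
    // Finds a client certificate in the current user's "Personal" store by thumbprint.
    // validOnly = true skips certificates that are expired or do not chain to a trusted root.
    public static X509Certificate2 FindClientCertificate(string thumbprint)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection matches =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);
            if (matches.Count == 0)
                throw new InvalidOperationException("No valid certificate with that thumbprint.");

            X509Certificate2 cert = matches[0];
            // A certificate imported from a .cer/.crt file has no private key and
            // cannot prove the client's identity during the TLS handshake.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key.");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }

    // Attaches the certificate to a generated ASMX proxy (these derive from
    // SoapHttpClientProtocol) and refuses to send it to a non-HTTPS endpoint.
    public static void Attach(SoapHttpClientProtocol service, string thumbprint)
    {
        if (!service.Url.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Service URL must use https.");
        service.ClientCertificates.Add(FindClientCertificate(thumbprint));
    }
}

// Usage with the page's proxy object; the thumbprint is a placeholder:
//   ClientCertHelper.Attach(service, "<THUMBPRINT-OF-CLIENT-CERT>");
//   string resultString = service.ServiceMethod(param1);
```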

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)