Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > Unable to call SSL Web Service passing Client Certificate

Reply
Thread Tools

Unable to call SSL Web Service passing Client Certificate

 
 
gardavis
Guest
Posts: n/a
 
      07-02-2004
This is one of those cases where it works (calling the Web Service) in a WinForm app but not in ASP.Net.

I am attempting to call a PayPal Web Service. I got the client certificate from them.

The certificate works in the WinForm app but the same code in ASP.Net fails.

I click the submit button an about a minute or so, this trap occurred:

Web Exception: System.Net.WebException: The underlying connection was closed: Could not establish secure channel for SSL/TLS. ---> System.IO.IOException: Unable to read data from the transport connection. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.TlsStream.ForceRead(Byte[] space, Int32 offset, Int32 amount) at System.Net.TlsStream.ReadFullRecord(Byte[] buffer, Int32 length) at System.Net.TlsStream.Handshake(ProtocolToken message) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.CheckFinalStatus() at System.Net.HttpWebRequest.EndGetRequestStream(IAsy ncResult asyncResult) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtoc ol.Invoke(String methodName, Object[] parameters) at PayPal.PayPalWS.PayPalAPIInterfaceService.GetTrans actionDetails(GetTransactionDetailsReq GetTransactionDetailsReq) in c:\inetpub\wwwroot\thestore24\paypal\web references\paypalws\reference.cs:line 65 at PayPal._Default.Button1_Click(Object sender, EventArgs ev) in c:\inetpub\wwwroot\paypal\default.aspx.cs:line 107


A second (and third...) attempt also produces a trap but a bit different and it occurs immediatly, not after a delay like the one above.


Web Exception: System.Net.WebException: The underlying connection was closed: Could not establish secure channel for SSL/TLS. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted --- End of inner exception stack trace --- at System.Net.HttpWebRequest.CheckFinalStatus() at System.Net.HttpWebRequest.EndGetRequestStream(IAsy ncResult asyncResult) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtoc ol.Invoke(String methodName, Object[] parameters) at PayPal.PayPalWS.PayPalAPIInterfaceService.GetTrans actionDetails(GetTransactionDetailsReq GetTransactionDetailsReq) in c:\inetpub\wwwroot\thestore24\paypal\web references\paypalws\reference.cs:line 65 at PayPal._Default.Button1_Click(Object sender, EventArgs ev) in c:\inetpub\wwwroot\paypal\default.aspx.cs:line 10


In order to see the warnings from SCHANNEL in the event log, I changed the EventLogging from 1 to 7 using regedit:


KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control \SecurityProviders\SCHANNELEventLogging = 7


I repeated the failing request and checked the "System" section in the Event Log. I had three log entries from the request. I had two of these:


Event Type: InformationEvent Source: SchannelEvent Category: NoneEvent ID: 36867User: N/ADescription:Creating an SSL client credential.Data:0000: 04 00 00 00 00 00 00 00 ........0008: 00 00 00 00 00 00 00 00 ........0010: 00 00 00 00 00 00 00 00 ........0018: 00 00 00 00 00 00 00 00 ........0020: 20 00 00 00 00 00 00 00 .......0028: 00 00 00 00 00 00 00 00 ........0030: 18 00 00 00 00 00 00 00 ........


And one of these:


Event Type: WarningEvent Source: SchannelEvent Category: NoneEvent ID: 36875User: N/ADescription:The remote server has requested SSL client authentication, but no suitable client certificate could be found. An anonymous connection will be attempted. This SSL connection request may succeed or fail, depending on the server's policy settings.


This message seems to say that the PayPal Web Service has requested the certificate but my server could not find one to return

My code:


PayPalWS.PayPalAPIInterfaceService payPal; PayPalWS.GetTransactionDetailsResponseType response; PayPalWS.GetTransactionDetailsReq request; : : private void Button1_Click(object sender, System.EventArgs ev) { ServicePointManager.CertificatePolicy = new MyCertificateValidation(); payPal = new PayPalWS.PayPalAPIInterfaceService(); response = new PayPalWS.GetTransactionDetailsResponseType(); request = new PayPalWS.GetTransactionDetailsReq(); request.GetTransactionDetailsRequest = new PayPal.PayPalWS.GetTransactionDetailsRequestType() ; request.GetTransactionDetailsRequest.TransactionID = tbxTrnID.Text; // TrnID Fillin field request.GetTransactionDetailsRequest.Version = "1.0"; payPal.Url = "https://api.sandbox.paypal.com/2.0/"; payPal.RequesterCredentials = new PayPalWS.CustomSecurityHeaderType(); payPal.RequesterCredentials.Credentials = new PayPalWS.UserIdPasswordType(); payPal.RequesterCredentials.Credentials.Username = "me_api1.mydomain.com"; payPal.RequesterCredentials.Credentials.Password = "*****" payPal.RequesterCredentials.Credentials.Subject = ""; string sCertFile = Server.MapPath("Certificate.cer"); X509Certificate x509 = X509Certificate.CreateFromCertFile(sCertFile); payPal.ClientCertificates.Add(x509); response = payPal.GetTransactionDetails( request ); // WEB SERVICE TRAPS HERE : : }


A breakpoint shows that the MyCertificatValidation CheckValidationResult() method is not called prior to the trap.

Thanks for any help!

Gary
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to call a Web service by using a client certificate for authentication in an ASP.NET Web application Colin ASP .Net Security 1 07-14-2007 06:44 AM
How to call a Web service by using a client certificate for authentication in an ASP.NET Web application Colin ASP .Net 1 07-14-2007 06:44 AM
How to call a Web service by using a client certificate for authentication in an ASP.NET Web application Colin ASP .Net Web Services 0 07-13-2007 08:09 PM
SSL / Web Service requring client certificates. No certificate server side...? Matthew ASP .Net Security 0 11-02-2004 11:44 AM
Unable to communicate with SSL Web Service using X509 Client Cert gardavis ASP .Net Web Services 0 07-02-2004 09:58 PM



Advertisments