2
votes

I have a problem with consuming a Java web service over SSL. I have two approaches, one with .NET 4.0 and one with .NET 2.0. Unfortunately the .NET 4.0 approach did not work. However, the earlier version (2.0) is working correctly:

using System;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {
        try
        {
            Srv.Service client = new Srv.Service ();
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            string findValue = "IssuerName";
            X509Certificate2Collection certsCollection = store.Certificates.Find(X509FindType.FindByIssuerName, findValue, false);

            X509Certificate2 cert;
            if (certsCollection.Count > 0)
            {
                cert = certsCollection[0];
                client.ClientCertificates.Add(cert); // Only in .net 2.0
            }

            client.MethodA();

        }
        catch (Exception e)
        {
            string msg = e.Message;
        }
    }
}

After that I did something similar in a .NET 4.0 client (it throws a 'Could not establish secure channel for SSL/TLS with authority {server_name}' exception):

using System;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {
        try
        {
            Srv.ServiceClient srv = new Srv.ServiceClient();
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            string findValue = "IssuerName";
            X509Certificate2Collection certsCollection = store.Certificates.Find(X509FindType.FindByIssuerName, findValue, false);

            X509Certificate2 cert;
            if (certsCollection.Count > 0)
            {
                cert = certsCollection[0];
                srv.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2();
                srv.ClientCredentials.ClientCertificate.Certificate = cert;
            }

            srv.MethodA(); // call through the srv proxy declared above
        }
        catch (Exception e)
        {
            string msg = e.Message;
        }
    }
}

Why is almost the same code working in 2.0 and throwing an exception in 4.0? Or maybe I am doing it wrong in the second example? Overriding ServicePointManager.ServerCertificateValidationCallback did not help...

Why can't I add the user certificate with the Add method in 4.0 like it is done in the 2.0 framework?

Edit: I am not using IIS. I am consuming a web service which is hosted on JBoss.

In the second example I get the following exception:

Could not establish secure channel for SSL/TLS with authority {server_name}

1
Are you using IIS? If so, .NET 4.0 has different application pools and I would almost bet that the 2.0 one is pointing to the .NET 2.0 framework. I could be mistaken. - MethodMan
I think that the credentials and the certificate to use for SSL are two different things. - John Saunders
I think that you are right. But how can I put a client certificate in a client written in 4.0? - user1013552

1 Answer

0
votes

I had the same issue. I could invoke the web service with soapUI. My solution: create a web reference by using the 'Add service reference' dialog (Advanced settings -> Add Web Reference). See: Web Reference vs. Service Reference and Difference between web reference and service reference?
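
For readers who want to stay with a WCF service reference: WCF presents the certificate set on the client credentials during the TLS handshake only when the binding uses transport security with the client credential type set to Certificate. The sketch below is an added example, not code from the posts above; the `IService` contract, the endpoint URL and the thumbprint are placeholders assumed for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical contract standing in for the generated Srv proxy from the question.
[ServiceContract]
public interface IService
{
    [OperationContract]
    void MethodA();
}

static class Program
{
    // Placeholders (assumptions): substitute the real endpoint and certificate thumbprint.
    const string EndpointUrl = "https://server.example/service";
    const string ClientCertThumbprint = "<CLIENT-CERT-THUMBPRINT>";

    static BasicHttpBinding BuildMutualTlsBinding()
    {
        // Transport = HTTPS; Certificate = offer a client certificate in the TLS handshake.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        return binding;
    }

    static void Main()
    {
        var factory = new ChannelFactory<IService>(
            BuildMutualTlsBinding(), new EndpointAddress(EndpointUrl));

        // Pick the certificate by thumbprint from CurrentUser\My instead of
        // taking the first match on issuer name, which may select the wrong one.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindByThumbprint, ClientCertThumbprint);

        IService channel = factory.CreateChannel();
        try
        {
            channel.MethodA();
            ((IClientChannel)channel).Close();
        }
        catch (Exception e)
        {
            ((IClientChannel)channel).Abort();
            Console.Error.WriteLine(e); // full chain, including inner TLS errors
            throw;
        }
    }
}
```

ServicePointManager.ServerCertificateValidationCallback only controls how the client validates the server's certificate, so overriding it does not change whether a client certificate is sent.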