IDENTITY AND ACCESS MANAGEMENT

Building a .NET (C#) webservice client

This may help you get a Microsoft .NET (C#) client to work with a C&C webservice that requires a UWCA client certificate.

  1. Required software
  2. Certificate installation
  3. Programming notes


Required software

  1. Visual Studio 2005.

  2. Web Services Enhancements (2.0 or 3.0).


Certificate installation

C&C webservices require UWCA certificates for both server and client authentication.

  1. Make sure the UWCA root certificate (UW Services CA) is in your Local Computer trusted CA list.
    1. See the UW Services CA installation page.

  2. Use the UWCA website to access the root certificate and install a certificate for your system.

    1. Request a client certificate for your system.
      1. You must use Internet Explorer.
      2. Select "Request a certificate"
      3. Choose the "ActiveX" request method.

    2. Install the client certificate for your system.
      1. You must again use Internet Explorer.
      2. Select "Manage my certificates"
      3. Click on the request number of your request, then "Retrieve this certificate".
      4. Select "Get the certificate using ActiveX".

  3. Use the mmc tool and the Certificate snap-in to manage certificates on your system.
    1. File->Add/remove snap-in->Add
    2. In the Add Snap-in window choose Certificates, then Computer Account, and Add.
    3. Click OK until you are back at the Console Root window.
    4. Open the certificate trees to make sure your new certificate found its way into the Local Computer store under Personal. Move it there if not.

  4. Make sure the userid of your service has proper access to the certificate store.


Programming notes

In your Visual Studio 2005 project (we'll call it "WSApplication"):

  1. Add a web reference to the target service's WSDL.

    This will likely be added under the WSDL's IP name. Change that now to something more useful, e.g. "EDSServices".

  2. Add a reference to Microsoft.Web.Services2 or Microsoft.Web.Services3, depending on which version of WSE you have.

In your C# program:

  1. Add the directives:
    WSE 2.0

      using WSApplication.EDSServices;
      using Microsoft.Web.Services2.Security.X509;
      using System.Security.Cryptography.X509Certificates;
    


    WSE 3.0

      using WSApplication.EDSServices;
      using Microsoft.Web.Services3.Security.X509;
      using System.Security.Cryptography.X509Certificates;
    

  2. Add a method to get a certificate from the local store:
    WSE 2.0

    
        /* Retrieve a certificate by subject name from the Local Machine store. */
    
        private X509Certificate GetCert(string subject)
        {
            X509CertificateStore store =
                    X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
            store.OpenRead();
            try {
                X509CertificateCollection col =
                       store.FindCertificateBySubjectString(subject);
                /* An empty collection means no certificate matched. */
                if (col.Count == 0) {
                    throw new Exception("Cert not found");
                }
                return col[0];
            } finally {
                /* Always release the store handle. */
                store.Close();
            }
        }
    
    


    WSE 3.0

    
        /* Retrieve a certificate by subject name from the Local Machine store. */
    
        private X509Certificate GetCert(string subject)
        {
            X509Store store = new X509Store(StoreName.My,
                                   StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly);
            try {
                /* The final argument (validOnly) is true: only valid certificates are returned. */
                X509Certificate2Collection col =
                       store.Certificates.Find(X509FindType.FindBySubjectName,
                                       subject, true);
                /* An empty collection means no certificate matched. */
                if (col.Count == 0) {
                    throw new Exception("Cert not found");
                }
                return col[0];
            } finally {
                /* Always release the store handle. */
                store.Close();
            }
        }
    
    
    Add whatever other checks you might want for no certificate or too many certificates found.

  3. Add a certificate to your service request.

    Suppose for this example that the WSDL defined a service named "EDSService" that exported a "gettypes" binding. You might call it using:

    
        X509Certificate cert = GetCert("your_cert_name");
        EDSService eds = new EDSService();
        eds.ClientCertificates.Add(cert);
        string[] types = eds.gettypes(user_id);
    
    
    depending, of course, on the specific requirements of the service binding, as defined in the WSDL.
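
The extra checks mentioned in step 2 for no certificate or too many certificates, as an added example in the WSE 3.0 style (not code from the original page). The class name ClientCertLookup and the helper SelectOne are hypothetical, and the example assumes the name you search for is the certificate's CN.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertLookup   // hypothetical name, not part of WSE
{
    // Pick exactly one usable client certificate from a collection.
    // FindBySubjectName is a substring match, so "host" also matches
    // "host2.example.edu"; compare the CN exactly to rule that out.
    public static X509Certificate2 SelectOne(X509Certificate2Collection candidates,
                                             string commonName)
    {
        X509Certificate2 match = null;
        DateTime now = DateTime.Now;   // NotBefore/NotAfter are local time
        foreach (X509Certificate2 c in candidates)
        {
            string cn = c.GetNameInfo(X509NameType.SimpleName, false);
            if (!string.Equals(cn, commonName, StringComparison.OrdinalIgnoreCase))
                continue;              // substring hit only, not our name
            if (now < c.NotBefore || now > c.NotAfter)
                continue;              // not yet valid, or expired
            if (!c.HasPrivateKey)
                continue;              // unusable for client authentication
            if (match != null)
                throw new InvalidOperationException(
                    "More than one usable certificate for CN=" + commonName);
            match = c;
        }
        if (match == null)
            throw new InvalidOperationException(
                "No usable certificate for CN=" + commonName);
        return match;
    }

    // Search the Local Computer "Personal" store, as in GetCert above.
    public static X509Certificate2 GetCert(string commonName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = true: only certificates that pass validation
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, commonName, true);
            return SelectOne(found, commonName);
        }
        finally { store.Close(); }
    }
}
```

HasPrivateKey only reports that a key is associated with the certificate; the userid of your service still needs access to it, as in step 4 of the certificate installation.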


Jim Fox
UW Technology
Identity and Access Management
University of Washington
fox@washington.edu

© 1983-2017, University of Washington