IDENTITY AND ACCESS MANAGEMENT
[an error occurred while processing this directive]

Directory

Downloads

Internet2 add-ons
 Shibboleth extensions
 Grouper extensions
 UW's Shib 2.x TargetedID

Programs
 Retrieve webiso-protected pages
 Argus, daemon watcher

Libraries for c
 ActiveMQ-CPP interface to c
 EZ-SSL connection library
 EZ-Plot plotting package
 Web template package for c

Apache modules
 Apache auth-location module
 Apache mod_gws authz module

TeX and LaTeX packages
 LaTeX thesis package
 LaTeX double-page floats
 Format c with TeX

Misc
 Plays

 M4 macros

How ... works at UW

 Authentication . . shib & pbc
 UW CA
 
 IdP statistics
 GWS statistics

Notes on ...

 Shibboleth Entitlements
 Shibboleth TargetedID
 Working with webservices
 Working with TeX at UW
 Cross-site request forgery

Related pages

 UW Home
 UW Technology Home

Building a .NET(C#) webservice client

This may help you get a Microsoft.net(C#) client to work with a C&C webservice that requires a UWCA client certificate.

  1. Required software
  2. Certificate installation
  3. Programming notes

Required software

  1. Visual Studio 2005.

  2. Web Services Enhancements (2.0 or 3.0).

Certificate installation

C&C webservices require UWCA certificates for both server and client authentication.

  1. Make sure the UWCA root certificate (UW Services CA)is in your Local Computer trusted CA list.
    1. See the UW Services CA installation page.

  2. Use the UWCA website to access the root certificate and install a certificate for your system.

    1. Request a client certificate for your system.
      1. You must use Internet Explorer.
      2. Select "Request a certificate"
      3. Choose the "ActiveX" request method.

    2. Install the client certificate for your system.
      1. You must again use Internet Explorer.
      2. Select "Manage my certificates"
      3. Click on the request number of your request, then "Retrieve this certificate".
      4. Select "Get the certificate using ActiveX".

  3. Use the mmc tool and the Certificate snap-in to manage certificates on your system.
    1. File->Add/remove snap-in->Add
    2. In the Add Snapin window choose Certificates, then Computer Account, and Add.
    3. Click OK's until back to the Console Root window.
    4. Open the certificate trees to make sure your new certificate found its way into the Local Computer store under Personal. Move it there if not.

  4. Make sure the userid of your service has proper access to the certificate store.

Programming notes

In your Visual Studio 2005 project (we'll call it "WSApplication"):

  1. Add a web reference to the target service's wsdl.

    This will be likely added with the name of the wsdl's ip name. Change that now to something more useful, e.g. "EDSServices".

  2. Add a reference to Microsoft.Web.Services2 or Microsoft.Web.Services3, depending on which version of WSE you have.

In your c# program:

  1. Add the directives:
    WSE 2.0 

      using WSApplication.EDSServices;
  using Microsoft.Web.Services2.Security.X509;
  using System.Security.Cryptography.X509Certificates;

    WSE 3.0 

      using WSApplication.EDSService;
  using Microsoft.Web.Services3.Security.X509;
  using System.Security.Cryptography.X509Certificates;

  2. Add a method to get a certificate from the local store:
    WSE 2.0 

    
    /* Retrieve a certificate by subject name from the Local Machine store. */

    private X509Certificate GetCert(string subject)
    {
        X509Certificate cert = null;

        X509CertificateStore store =
                X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
        store.OpenRead();
        X509CertificateCollection col =
               store.FindCertificateBySubjectString(subject);
        try {
            cert = col[0];
        } catch (Exception e) {
            throw new Exception("Cert not found");
        }
        return (cert);
    }

    WSE 3.0 

    
    /* Retrieve a certificate by subject name from the Local Machine store. */

    private X509Certificate GetCert(string subject)
    {
        X509Certificate cert = null;

        X509Store store = new X509Store(StoreName.My,
                               StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection col =
               store.Certificates.Find(X509FindType.FindBySubjectName,
                               subject, true);
        try {
            cert = col[0];
        } catch (Exception e) {
            throw new Exception("Cert not found");
        }
        return (cert);
    }
    adding whatever other checks you might want for no cert or too many certs found.

  3. Add a certificate to your service request.

    Suppose for this example that the wsdl defined a service named "EDSService" that exported a "gettypes" binding. You might call it using: 

    
    X509Certificate cert = GetCert("your_cert_name");
    EDSService eds = new EDSService();
    eds.ClientCertificates.Add(cert);
    string[] types = eds.gettypes(user_id);
    depending, of course, on the specific requirements of the service binding - as defined in the wsdl.
See also:

[an error occurred while processing this directive]
Jim Fox
UW Technology
Identity and Access Management
University of Washington
fox@washington.edu
[an error occurred while processing this directive]
[an error occurred while processing this directive]
[an error occurred while processing this directive]
Fox's Home

© 1983-2017, University of Washington