2

In my C# desktop application, I am calling web services developed in PHP. I can have the CA file. I don't know how to call the web service via SSL and authenticate the certificate. What do I have to pass to the server, and what should I expect in response from the server for authenticating? Honestly, I have no idea.

EDIT: Referred from: http://weblogs.asp.net/jan/archive/2003/12/04/41154.aspx

// Before calling web service
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();

public class MyPolicy : ICertificatePolicy
{
    X509Certificate clientCert = null;

    public MyPolicy() {
        clientCert = X509Certificate.CreateFromSignedFile(HTTPUtility.CERT_FILE);
    }

    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem)
    {
        Console.WriteLine("********* Into CheckValidationResult : " + certificate.ToString());

        Console.WriteLine("####### Client Certificate : " + clientCert.ToString() + "\n" + "Subject = " + clientCert.Subject);
        Console.WriteLine("Issuer : " + clientCert.Issuer + "\n Seral No : " + clientCert.GetSerialNumberString());
        Console.WriteLine("Not Before : " + clientCert.GetEffectiveDateString() +" \n Not After : " + clientCert.GetExpirationDateString());
        Console.WriteLine("Thumb Print : " + clientCert.GetPublicKeyString());
        Console.WriteLine("######## EQuals SERVER CERT : " + clientCert.Equals(certificate));

        // Force to return true
        return true;
    }
}

Is the above method of checking correct? If not, why, and what can be the solution? I also get this warning: "'System.Net.ServicePointManager.CertificatePolicy' is obsolete: 'CertificatePolicy is obsoleted for this type, please use ServerCertificateValidationCallback instead.'".

With this, how can I know if CheckValidationResult() returned false?

Any help is highly appreciated.

Thanks

Tvd

2 Answers

2

Have you tried using ServerCertificateValidationCallback as recommended in the obsolescence message? For example, you could add a method like the following to your existing MyPolicy class:

public bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    Console.WriteLine(sslPolicyErrors);  // Or whatever you want to do...
    return true;
}

Once that's done, you could replace your existing

System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();

line with the following:

MyPolicy policy = new MyPolicy();
System.Net.ServicePointManager.ServerCertificateValidationCallback = policy.ValidateServerCertificate;
Nicole Calinoiu
  • How will I know that policy.ValidateServerCertificate returned true/false? I didn't find any way to find out from ServicePointManager.ServerCertificateValidationCallback. If I want to check the public/private keys, can it be accomplished via this? Or am I going wrong? – Tvd Apr 14 '11 at 07:36
  • I think you may have misunderstood what use of a custom certificate policy is meant to accomplish. It is intended to allow you to use invalid certificates under certain circumstances (usually during development). It doesn't sound like this is what you are trying to do. Could you perhaps explain exactly what that might be? – Nicole Calinoiu Apr 14 '11 at 12:34
  • Thanks Nicole. My needs are: with my package, a CA file will be with the client. When I request a Web Service, I just need the client to verify the self-signed server certificate using the CA; we're not going to use a client certificate for each client, and the service itself is public, so we don't care who's using it. This has to do with public/private key files and is normally done by the object. This is my requirement. Is what I am doing wrong or inappropriate? What should I do, and how, to achieve the goal? – Tvd Apr 15 '11 at 08:04
  • I'm afraid that I don't understand the first sentence of your response (although the rest seems to be quite simple). What is "my package", and what do you mean by "a CA file will be with client"? Otherwise, it sounds like you just want to let your code consume a web service that is using an otherwise untrusted certificate for HTTPs. If this interpretation is incorrect, please explain your scenario in greater detail. – Nicole Calinoiu Apr 15 '11 at 11:34
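
One way to meet the requirement described in the comments above, verifying the server certificate against a CA file bundled with the client instead of returning true unconditionally. This is an added example, not code from the thread; the class name BundledCaValidator and the caFilePath parameter are assumptions.

```csharp
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the thread): accept a server certificate only if it
// chains to the CA certificate shipped with the client.
public sealed class BundledCaValidator
{
    private readonly X509Certificate2 _ca;

    // caFilePath is an assumed location of the bundled CA file (DER or PEM).
    public BundledCaValidator(string caFilePath) { _ca = new X509Certificate2(caFilePath); }

    // Process-wide hook: every HTTPS request made through HttpWebRequest uses it.
    public void Install() { ServicePointManager.ServerCertificateValidationCallback = Validate; }

    public bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // A missing certificate or a host name mismatch is never acceptable.
        // Only the chain error is re-examined, because the OS does not trust our CA.
        if (certificate == null ||
            (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
            return false;

        using (var custom = new X509Chain())   // IDisposable from .NET Framework 4.6
        {
            custom.ChainPolicy.ExtraStore.Add(_ca);
            // Assumption: the private CA publishes no CRL/OCSP endpoint.
            custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Tolerate only "root not in the OS store"; expiry and signature
            // failures still make Build() return false.
            custom.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            if (!custom.Build(new X509Certificate2(certificate)))
                return false;

            // The flag above would also accept any other unknown root, so the
            // chain must end in exactly the bundled CA certificate.
            X509Certificate2 root =
                custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(_ca.RawData);
        }
    }
}
```

On .NET Framework, a certificate rejected by Validate makes the request throw a WebException whose Status is WebExceptionStatus.TrustFailure, which is how the calling code learns that the callback returned false.
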
1

Take a look at this: How to call a Web service by using a client certificate for authentication in an ASP.NET Web application

You can find 2 examples at the bottom of that page.

HABJAN
  • Both use WSE. I don't wish to use WSE just for this case if it can be achieved using ServicePointManager. Please refer to the code above. – Tvd Apr 13 '11 at 14:17