How can I get the X509Certificate sent from the client in web service?

Question

I am trying to get client certificate in web service.

I add client certificate in proxy object and call web method Verify.

private void button2_Click(object sender, EventArgs e)
{
    string certPath = "D:\\test.pfx";
    cert = new X509Certificate2(certPath,"pass");
    Service1 obj = new Service1();
    obj.ClientCertificates.Add(cert);
    textBox2.Text = obj.Verify();
}

Web Method in Web Service:

[WebMethod]
public string Verify()
{
    X509Certificate2 cert = new X509Certificate2(Context.Request.ClientCertificate.Certificate);
    bool test = cert.Verify();
    return test.ToString();

}

In finish with this error:

System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Security.Cryptography.CryptographicException: m_safeCertContext is an invalid handle.

I don't know why. I used this sample.

I test web service and client on localhost.

Possible duplicate of http://stackoverflow.com/questions/7528455/how-to-get-the-x509certificate-from-a-client-request?lq=1 — Michael Freidgeim, Jun 20 '13 at 21:45

score 1 · Answer 1 · edited Dec 30 '22 at 15:06

1

Have you tried to follow this guide?

Host the project from IIS - not the thin web server that is bundled with VS2005.

From within VS2005 select File - New Web Site.

Select the Location of HTTP then enter the path eg: http://localhost/MyWebSite. Note that you don't have to use HTTPS just yet (I find it easier for development to use HTTP then when deploying to UAT or Production to use HTTPS).

Code up a test form.

Go into IIS Admin - right click on the new app (MyWebSite) and select Properties.

On the Directory Security tab, click Edit... under 'Secure communications'.

Make sure 'Accept client certificates' is checked.

When you run your app - make sure you use HTTPS in the url eg: https://localhost/MyWebSite

edited Dec 30 '22 at 15:06

Glorfindel

21,988
13
81
109

answered Sep 12 '09 at 09:49

Filip Navara

4,818
1
26
37

I don t use SSL, I only want send client certificate on Web Service. I configure access to the client certificate with tool WinHttpCertCfg.exe, but the error is same...I don t know why.. – Sep 12 '09 at 11:04
1

You can't send the certificate without using SSL. – Filip Navara Sep 12 '09 at 11:25
If I don't use SSL, I don't send certificate ?? Why ?? I can't send any type od certificate ? *.cer, .*pfx? any type ? I don't believe.. – Sep 12 '09 at 17:58
The certificates are sent as part of the SSL protocol, not as part of the plain HTTP, so you really need to use HTTPS (HTTP+SSL). – Filip Navara Sep 12 '09 at 18:03
to Filip Navara.. oh Sory, my wrong... I use own secure comunication (based on soap extension + symetric cryptograhy), I try use client certificate only on aunthentification in web service. – Sep 12 '09 at 19:53

How can I get the X509Certificate sent from the client in web service?

1 Answers1