
I am trying to access a web service in PowerShell.

Here is my code, including the error message that I get:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$proxy = New-WebServiceProxy -uri http://url/webService/platform/CoreWebService.svc?wdsl

$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate("test.cer")

$proxy.ClientCertificates.Add($cert)

$proxy.Credentials = Get-Credential

$proxy.WorkspaceList()

#Ausnahme beim Aufrufen von "WorkspaceList" mit 0 Argument(en):  "Logon failed: unknown user name, wrong password or account disabled."
#In Zeile:2 Zeichen:5
#+     $proxy.WorkspaceList()
#+     ~~~~~~~~~~~~~~~~~~~~~~
#    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
#    + FullyQualifiedErrorId : SoapException

Checked the username several times and confirmed with support that it's the right one and that the account is set up for it. Also: it works in a Visual Studio project.

When getting the configuration of the web service via svcutil, it gives me the following configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="BasicHttpBinding_ICoreWebServiceBasic" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                    useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <security mode="None">
                        <transport clientCredentialType="None" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="UserName" algorithmSuite="Default" />
                    </security>
                </binding>
            </basicHttpBinding>
            <wsHttpBinding>
                <binding name="WSHttpBinding_ICoreWebService" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Message">
                        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="UserName" negotiateServiceCredential="true"
                            algorithmSuite="Default" establishSecurityContext="true" />
                    </security>
                </binding>
                <binding name="WSHttpBinding_ICoreWebService1" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Message">
                        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="Windows" negotiateServiceCredential="true"
                            algorithmSuite="Default" establishSecurityContext="true" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://url/webService/platform/CoreWebService.svc"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ICoreWebService"
                contract="ServiceReference1.ICoreWebService" name="WSHttpBinding_ICoreWebService">
                <identity>
                    <certificate encodedValue="certificate string, which I copied into test.pfx, then imported into certificate store and exported as DER encoded cer file" />
                </identity>
            </endpoint>
            <endpoint address="http://url/webService/platform/CoreWebService.svc/wauth"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ICoreWebService1"
                contract="ServiceReference1.ICoreWebService" name="WSHttpBinding_ICoreWebService1">
                <identity>
                    <servicePrincipalName value="host/AMAZONA-1AGOCUI" />
                </identity>
            </endpoint>
            <endpoint address="http://url/webService/platform/CoreWebService.svc/basic"
                binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ICoreWebServiceBasic"
                contract="ServiceReference1.ICoreWebServiceBasic" name="BasicHttpBinding_ICoreWebServiceBasic" />
        </client>
    </system.serviceModel>
</configuration>

In the manual, they give the example for using the WSHttpBinding_ICoreWebService endpoint, and that is also what works in a Visual Studio project.

What am I missing in my PowerShell script?

Thank you!

Sandro

2014-05-22: updated to reflect latest script


1 Answer


You're trying to load the X509Certificate from a PFX file, not a CER. A PFX is a secure certificate that requires a private key to save it to the store.

You can either add it to the certificate store manually or through code (using Import-PfxCertificate). Then you can export the CER certificate and can finally do this line:

$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate("test.cer")

Not sure about the Get-Certificate cmdlet, but you can go with -UseDefaultCredential option too.

Here is a similar thread:

X509Certificate.CreateFromCertFile - the specified network password is not correct

batbaatar
  • Thanks! I imported and exported into a CER file via the Management Console. My question now reflects the suggested changes to the script. The result is unfortunately exactly the same. This line of yours I don't understand: "Not sure about the Get-Certificate cmdlet, but you can go with -UseDefaultCredential option too." – Sandro May 22 '14 at 04:32
  • @Sandro Look here technet.microsoft.com/en-us/library/hh849841.aspx and let me know if the -UseDefaultCredential option is working for you. In other words try this line $proxy = New-WebServiceProxy -uri url/webService/platform/CoreWebService.svc?wdsl -UseDefaultCredential and remove this line: $proxy.Credentials = Get-Credential – batbaatar May 22 '14 at 05:58
  • Hello! I tried the above, but that didn't work. And I might misunderstand something: the credentials that need to be given are the login data from the remote web service, right? There is no association to my Windows account, is there? And I believed that the client certificate from the .config file tells my side what to look for in the other to make sure I am communicating with the right web service. Correct? Either way: I am not there yet. Anything else I have to do to set up the right endpoint? – Sandro May 23 '14 at 04:36
  • Oh wait. Can you open that web service URL from your browser using the certificate in your cert store? If you can't, you must provide user credentials. Get-Credential is a cmdlet that gets the current Windows user credentials. Btw, why are the last 4 letters of the URL WDSL, not WSDL? – batbaatar May 23 '14 at 05:26
  • Back to the issue: WDSL was a typo (nice catch, corrected in questions), but correcting it didn't change anything regarding functionality. What do you mean by "open web service URL in browser with certificate"? I can browse to the above URL without WSDL and it will give me a description of how to use it; under ?wsdl I'll get an XML file. Support claims that they are using HTTP (with some internal measures to make it secure) and thus no certificate needed. I am clarifying that with them. – Sandro Jun 02 '14 at 05:42
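
The svcutil output in the question determines how each endpoint expects a caller to authenticate. As an added example (not code from the thread), this PowerShell function maps every client endpoint to its binding's security mode, client credential type and service identity; the function name Get-EndpointSecurity and the PLACEHOLDER certificate value are assumptions, and the XML is a constructed, trimmed copy of the question's config.

```powershell
# Constructed sample: the svcutil output from the question, reduced to the
# attributes that decide how a client authenticates. PLACEHOLDER is not a real certificate.
[xml]$cfg = @'
<configuration><system.serviceModel>
 <bindings>
  <basicHttpBinding><binding name="BasicHttpBinding_ICoreWebServiceBasic">
   <security mode="None"><message clientCredentialType="UserName" /></security>
  </binding></basicHttpBinding>
  <wsHttpBinding>
   <binding name="WSHttpBinding_ICoreWebService">
    <security mode="Message"><message clientCredentialType="UserName" /></security>
   </binding>
   <binding name="WSHttpBinding_ICoreWebService1">
    <security mode="Message"><message clientCredentialType="Windows" /></security>
   </binding>
  </wsHttpBinding>
 </bindings>
 <client>
  <endpoint address="http://url/webService/platform/CoreWebService.svc" binding="wsHttpBinding"
    bindingConfiguration="WSHttpBinding_ICoreWebService" name="WSHttpBinding_ICoreWebService">
   <identity><certificate encodedValue="PLACEHOLDER" /></identity>
  </endpoint>
  <endpoint address="http://url/webService/platform/CoreWebService.svc/wauth" binding="wsHttpBinding"
    bindingConfiguration="WSHttpBinding_ICoreWebService1" name="WSHttpBinding_ICoreWebService1">
   <identity><servicePrincipalName value="host/AMAZONA-1AGOCUI" /></identity>
  </endpoint>
  <endpoint address="http://url/webService/platform/CoreWebService.svc/basic" binding="basicHttpBinding"
    bindingConfiguration="BasicHttpBinding_ICoreWebServiceBasic" name="BasicHttpBinding_ICoreWebServiceBasic" />
 </client>
</system.serviceModel></configuration>
'@

function Get-EndpointSecurity([xml]$Config) {
    $sm = $Config.configuration.'system.serviceModel'
    foreach ($ep in $sm.client.endpoint) {
        # Resolve the <binding> this endpoint refers to by binding type and name.
        $b = $sm.bindings.SelectSingleNode("$($ep.binding)/binding[@name='$($ep.bindingConfiguration)']")
        $mode = $b.security.mode
        [pscustomobject]@{
            Endpoint = $ep.name
            Mode     = $mode
            # In Message mode the <message> credential travels in the SOAP message, not in HTTP authentication.
            ClientCredential = if ($mode -eq 'Message') { $b.security.message.clientCredentialType } else { 'not message-level' }
            ServiceIdentity  = if ($ep.identity) { $ep.identity.FirstChild.LocalName } else { 'none' }
            # No message security and plain http: nothing protects the exchange.
            Unprotected = ($mode -eq 'None') -and ($ep.address -notlike 'https://*')
        }
    }
}
Get-EndpointSecurity $cfg | Format-Table -AutoSize
```

For the WSHttpBinding_ICoreWebService endpoint the table shows Message mode, a UserName client credential and a certificate service identity, so the certificate in the config identifies the service rather than the caller. The /basic endpoint is the only row reported as Unprotected.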