如何使用客户端证书验证从winforms应用程序实现Web服务（asmx） [英] How to implement web service (asmx) from winforms app using client certificate validation

问题描述

我有一个由winforms客户端应用程序调用的Web服务（asmx）。目前，我正在使用winforms客户端调用的Web服务的共享SSL，不确定它的安全性。但是，我想实现SSL证书安全性来验证将来自客户位置安装的Winforms应用程序的客户端请求。



我正在寻找一些好的指南/链接这可以为我提供客户端（winforms app - 如何使用证书和调用Web服务）和服务器端（在IIS服务器上安装证书等）的Web服务实现的端到端详细信息。有人可以帮我提供这种实现的正确链接/详细信息吗？



注意：我很乐意使用最新的WCF服务进行此类实现，如果简单的话可能会使用它足够。但是，如果不简单并且由于时间限制，我想继续使用基于2.0的asmx Web服务作为第一优先级。



- .NET Framework 4.0版用于托管Web服务的Web应用程序

- Winforms客户端应用程序正在使用.NET Framework 3.5。

I have a web service (asmx) that is being called by winforms client application. Currently, I am using a shared SSL with the web service that is being called by winforms client, not sure how secure is that. But, I would like to implement SSL Certificate security to validate client requests that will come from Winforms application installed at client location.

I am looking for some good guidelines/links which can give me end-to-end details of such implementation for web service both at client side (winforms app - how to use cert and call web services) and server side (install cert on IIS server etc.). Can someone help me provide right links/details for such implementation?

Note: I would love to use latest WCF services for such implementation and may go with it if its simple enough. However, if not simple and due to time constraints, I want to continue using 2.0 based asmx web services for now as a first priority.

- .NET Framework version 4.0 is used on web application where web service is hosted
- Winforms Client application is using .NET Framework 3.5.

推荐答案

请参阅：< a href =http://technet.microsoft.com/en-us/library/cc732996%28v=WS.10%29.aspx> http://technet.microsoft.com/en-us/library/cc732996 ％28v = WS.10％29.aspx [ ^ ]。

-SA

好吧，我找不到任何有端到端解决方案的文章，所以我不得不继续推进我自己的研究/试错法。



为了试用，我为我的域名购买了免费的SSL证书（www.mydomain.com）。



注意：COMODO网站提供90天免费SSL证书（点击此处 [ ^ ]）。他们的支持团队非常棒，可以帮助您解决任何安装问题。您还需要联系您的托管服务提供商以生成CSR（证书签名请求）并提供给您。您可以将CSR带到comodo网站并提交证书订单。您的证书将很快通过电子邮件发送给您。



因此，我通过联系我的托管服务提供商的支持团队在我的网站上安装了证书。我测试了我的网站，看到了锁定的图标和证书信息。到目前为止一直很好。



现在，我想使用客户端证书文件（mydomain.cer）来调用我的网站上托管的Web服务，该服务将从Windows客户端调用。我添加了以下代码。

Well, I could not find any articles with end to end solution so I had to move forward with my own research/trial-error method.

To try out, I bought the FREE SSL certificate for my domain (www.mydomain.com).

Note: Free SSL Certificate for 90 Days is available from COMODO website (click here[^]). Their support team is great and help you troubleshoot any issues for installation etc. You will also need to contact your hosting provider to generate CSR (Certificate Signing Request) and provide to you. You can take the CSR to comodo website and submit an order for cert. Your cert will be emailed to you soon.

So, I installed the certificate on my site by contacting support team of my hosting provider. I tested my site and see the locked icon and certificate information. So far so good.

Now, I wanted to use client certificate file (mydomain.cer) to call web service hosted on my website which will be called from windows client. I added following code.

string certPath = "C:\\MyProjects\\WinApp1\\mydomain.cer";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);

调试时，我在第二行发现了以下错误。



CryptographicException：索引值无效。



我也找不到任何关于谷歌下面的错误的具体信息:(所以我联系了Comodo支持团队。他们发给我另一个文件扩展名.CRT而不是.CER。



所以，我对代码应用了以下更改并且它有效。

While debugging, I found the following error on 2nd line.

CryptographicException: "The index value is not valid."

I could not find anything specific about below error on google too :( so I contacted Comodo support team. They sent me another file with extension .CRT instead of .CER.

So, I applied following changes to the code and it worked.

string certPath = "C:\\MyProjects\\WinApp1\\mydomain.CRT";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);

接下来，我添加了添加证书的代码并调用Web服务方法。

Next, I added code to add certificate and call the web service method.

service.ClientCertificates.Add(cert);
string resultString = service.ServiceMethod(param1);

但是，我收到以下错误时间。



System.Web.Services.Protocols.SoapException：服务器无法识别HTTP标头SOAPAction的值：



所以，我发现我必须更新我的winforms应用程序中的web服务引用可能是bcoz网站现在包含SSL证书和更改等。



右键单击Web Reference并单击更新Web引用。



应用更改后，我可以使用Web服务调用客户证书，使用下面的代码。

However, I got the following error this time.

System.Web.Services.Protocols.SoapException: Server did not recognize the value of HTTP Header SOAPAction:

So, I found that I had to update the web service reference in my winforms application may be bcoz the website now contains SSL certificate and changes etc.

Right Click on Web Reference and click on "Update Web Reference".

After applying changes, I was able to call web service using Client Certificate, using below code.

string certPath = "C:\\MyProjects\\WinApp1\\mydomain.CRT";
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);

service.ClientCertificates.Add(cert);
string resultString = service.ServiceMethod(param1);

希望它对某人有帮助。

Hope it helps someone.

这篇关于如何使用客户端证书验证从winforms应用程序实现Web服务（asmx）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！