Web service et certificat d'authentification
Bonjour,
Dans un programme j'ai un appel à un Web Service qui évolue et qui doit intégrer un certificat d'authentification.
Je me suis renseigné sur le sujet et j'ai essayé de modifier mon appel mais malheureusement j'ai le serveur distant qui n'a pas l'air d'accord avec ce que je fais et qui me retourne un 403:forbidden:
Et je ne vois pas ou se situe le problème alors si quelqu'un veut m'aider dans mes investigations et à mieux comprendre l'utilisation de certificats je suis à son écoute.
J'ai en ma possession un fichier "certificat.crt".
La connection ne nécessite pas d'identifiant de connection.
Code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109
|
public static string SoapRequest(String orderRequest)
{
try
{
String soapRequest = ESBManager.Read(TPL.SOAP_REQUEST);
soapRequest = String.Format(soapRequest, orderRequest);
byte[] buffer = Encoding.ASCII.GetBytes(soapRequest);
//TEST DIT 33576
//You must change the path to point to your .cer file location.
X509Certificate Cert = X509Certificate.CreateFromCertFile("C:\\Temp\\certificat.crt");
// Handle any certificate errors on the certificate from the server.
ServicePointManager.ServerCertificateValidationCallback = CertificateValidationCallBack;
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create("https://xxxxxxxxx");
//Test DIT 33576
WebReq.ClientCertificates.Add(Cert);
WebReq.UserAgent = "Client Cert Sample";
// Elargissement du timeout
WebReq.Timeout = 300000;
//Set the method/action type
WebReq.Method = "POST";
//We use form contentType
WebReq.ContentType = "soap/xml; charset=utf-8";
//The length of the buffer
WebReq.ContentLength = buffer.Length;
//We open a stream for writing the post data
Stream MyPostData = WebReq.GetRequestStream();
//Now we write, and after wards, we close. Closing is always important!
MyPostData.Write(buffer, 0, buffer.Length);
MyPostData.Close();
//Get the response handle, we have no true response yet!
HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
//Now, we read the response (the string), and output it.
Stream MyResponse = WebResp.GetResponseStream();
StreamReader MyResponseReader = new StreamReader(MyResponse);
//Read the response Stream and write it
String response = MyResponseReader.ReadToEnd();
return response;
}
catch (Exception ex)
{
throw ex;
}
}
//Test DIT 33576
private static bool CertificateValidationCallBack(
object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
// If the certificate is a valid, signed certificate, return true.
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
{
return true;
}
// If there are errors in the certificate chain, look at each error to determine the cause.
if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0)
{
if (chain != null && chain.ChainStatus != null)
{
foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus)
{
if ((certificate.Subject == certificate.Issuer) &&
(status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot))
{
// Self-signed certificates with an untrusted root are valid.
continue;
}
else
{
if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError)
{
// If there are any other errors in the certificate chain, the certificate is invalid,
// so the method returns false.
return false;
}
}
}
}
// When processing reaches this line, the only errors in the certificate chain are
// untrusted root errors for self-signed certificates. These certificates are valid
// for default Exchange server installations, so return true.
return true;
}
else
{
// In all other cases, return false.
return false;
}
} |
Le certificat est bien chargé dans l'ogjet X509Certificate Cert.
L'erreur apparait lors de l'appel à
Code:
Stream MyPostData = WebReq.GetRequestStream();
Quelqu'un aurait-il une idée de ce qui cloche ou manque?
Cordialement,
Christophe.