c# - WebAPI Certificates and Authentication - ELI5 -

-

i'm sure i'm missing key facts, can you. i'm confused on how needs work:

  • server 1 – iis 8, hosting vendor’s webapi, anonymous , windows authentication. providers negotiate, ntlm. https , signed certificate (cert1).
  • server 2 – iis8, new webapi connecting server1’s webapi. i’m assuming need store cert1 on server 2. have certificate, https (cert2)
  • server 3 – iis 8, website connecting server 2’s webapi.
  • user – browser connecting server 3, windows authentication only. every server , user’s browser connects same active directory.

i have access server1’s web.config change bindings, not code. in visual studio 2013, when add service reference server 2, web.config added this:

<system.servicemodel> <bindings>   <wshttpbinding>     <binding name="wshttpbinding_icorewebservice">       <security mode="transport">         <transport clientcredentialtype="windows" proxycredentialtype="none" realm="" />         <message clientcredentialtype="certificate" negotiateservicecredential="true" algorithmsuite="default" establishsecuritycontext="true" />       </security>     </binding>   </wshttpbinding> </bindings> <client>   <endpoint address="https://dave.domain.com/webservice/corewebservice.svc" binding="wshttpbinding" bindingconfiguration="wshttpbinding_icorewebservice" contract="dave.icorewebservice" name="wshttpbinding_icorewebservice">     <identity>       <userprincipalname value="server1serviceaccount@dave.domain.com" />     </identity>   </endpoint> </client>

this server1's webapi web.config

<system.servicemodel> <bindings>   <wshttpbinding>     <!-- following block used secure connection (https)-->     <binding name="daveservicebinding" maxreceivedmessagesize="2147483647" maxbufferpoolsize="2147483647" receivetimeout="00:05:00" sendtimeout="00:05:00">       <readerquotas maxdepth="2147483647" maxstringcontentlength="2147483647" maxarraylength="2147483647" maxbytesperread="2147483647" maxnametablecharcount="2147483647" />       <security mode="transportwithmessagecredential">         <transport clientcredentialtype="none" />         <message clientcredentialtype="username" />       </security>     </binding>   </wshttpbinding> </bindings> <services>   <service name="dave.webservice.corewebservice" behaviorconfiguration="davewebservicebehavior">     <endpoint address="" binding="wshttpbinding" bindingconfiguration="davewebservicebinding" contract="dave.webservice.icorewebservice" />     <endpoint address="wauth" binding="wshttpbinding" bindingconfiguration="davewebservicebindingwauth" contract="dave.webservice.icorewebservice" />     <endpoint address="mex" binding="mexhttpsbinding" contract="imetadataexchange" />   </service> </services> <behaviors>   <servicebehaviors>     <behavior name="davewebservicebehavior">       <datacontractserializer maxitemsinobjectgraph="2147483647" />       <servicecredentials>         <usernameauthentication usernamepasswordvalidationmode="custom" customusernamepasswordvalidatortype="dave.webservice.webserviceauthvalidator,dave.webservice" />       </servicecredentials>       <servicemetadata httpsgetenabled="true" />       <servicedebug includeexceptiondetailinfaults="true" />     </behavior>   </servicebehaviors> </behaviors>

  1. i’m having trouble how certificates work between server 1 , server 2. need download cert1 , store on server2? refer certificate when make call. code isn't finding certificate:

    svc.clientcredentials.servicecertificate.setdefaultcertificate(storelocation.localmachine,             storename.trustedpublisher,             x509findtype.findbysubjectname, "cn = dave.domain.com, ou = zz123, o = dave, inc., l = chicago, s = illinois, c = us");

  2. how can bubble windows authentication user server1? vendor’s api authenticate through message.

right now, i’m able browse service locally, i’ve been stuck on server 2 , getting certificate. want make sure i’m storing , referencing correctly.

thanks in advance.

the subject name needed domain, , used mmc make sure certificate should be.

mmc -> certificates (you may need add them in snap-in)

trusted people -> certificates.

hope helps someone.


Comments

Post a Comment

Popular posts from this blog

javascript - Karma not able to start PhantomJS on Windows - Error: spawn UNKNOWN -

-
i lost "unknown" error: karma.conf.js: frameworks: ['mocha', 'should'], plugins: ['karma-mocha', 'karma-should', 'karma-phantomjs-launcher'], ... browsers: ['phantomjs'], error: 23 07 2015 14:35:37.691:warn [karma]: no captured browser, open http://localhost:9876/ 23 07 2015 14:35:37.701:info [karma]: karma v0.13.3 server started @ http://localhost:9876/ 23 07 2015 14:35:37.707:info [launcher]: starting browser phantomjs 23 07 2015 14:35:37.738:error [karma]: { [error: spawn unknown] code: 'unknown', errno: 'unknown', syscall: 'spawn' } error: spawn unknown @ exports._errnoexception (util.js:749:11) @ childprocess.spawn (child_process.js:1093:11) @ exports.spawn (child_process.js:933:9) @ object._execcommand (c:\users\jinga4x\git\mdl-sample-project\node_modules\karma\lib\launchers\process.js:63:21) @ object._start (c:\users\jinga4x\git\md...
Read more

Nuget pack csproj using nuspec -

-
i want create nuget package contains specified in nuspec file, still version csproj. in order use token have pack like: nuget pack myproj.csproj but when adds dependencies , creates unwanted folder in nuget package. nuspec file is: <?xml version="1.0" encoding="utf-8"?> <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd"> <metadata> <id>test</id> <version>$version$</version> <title>test</title> <authors>test</authors> <owners>test</owners> <requirelicenseacceptance>false</requirelicenseacceptance> <description>test</description> <summary>test</summary> <releasenotes>test</releasenotes> <copyright>test</copyright> </metadata> <files> <file src="bin\debug\*.dll" target="lib\net45" /> <file s...
Read more

c# - Display ASPX Popup control in RowDeleteing Event (ASPX Gridview) -

-
i have aspxgridview includes new , delete button. delete button includs gv_rowdeleting event. want show aspxpopupcontrol (id="pupconfirm"). want user have confirm password delete item. tried: protected void gv_rowdeleting(object sender, devexpress.web.data.aspxdatadeletingeventargs e) { pupconfirm.showonpageload = true; } but nothing happened. please me. !!! you can create template column javascript prompt confirmation. <itemtemplate> <asp:linkbutton id="btndelete" runat="server" text="delete" commandname="delete" onclientclick="javascript:if(!confirm('are sure want delete record?')){return false;}"> </asp:linkbutton> </itemtemplate>
Read more