
403: Access Forbidden


Matthew.D...@capitaloneauto.com

Feb 8, 2005, 8:43:16 PM
hello,

i am working on my first web service project. i am writing a webpage
that consumes a ws from one of our partners, so i do not have access to
the ws code itself. this partner uses certificates for security. the
steps they gave me to access it are:


1) run wsdl.exe on the "webservice.wsdl" given to me
2) compile the resulting .CS proxy class into a .DLL assembly
3) add this to my project's References section

4) install the .PFX certificate given to me by double-clicking it,
input password
5) go into IE (or Control Panels -> Internet Options) and go to Content
tab, Certificates...
6) click on the newly installed cert and Export, doing so as a DER
X.509 ".CER" file
7) do the following in my app code:

//load up the .cer
X509Certificate cert =
X509Certificate.CreateFromCertFile(@"c:\temp\test.cer");

//attach the cert to my proxy class ws object
ws.ClientCertificates.Add(cert);

//app authentication for proxy object
ws.Credentials = new NetworkCredential("[name]", "[password]");

//use webservice
bool result = ws.ValidateCustomer(customerID);

...however, when i run any of the ws methods, i get a 403 error:

The request failed with HTTP status 403: Access Forbidden.

...according to my IT contact at the partner, he said their logs report
i am failing at the web server level, and am not even reaching the
application's authentication (the NetworkCredential entry). he
indicated this is due to a problem w/ my certificate.

he also said other clients are using it, and provided me w/ a secure
test-form URL that uses the service. i am able to access the URL on
their secure site, so i know it works and apparently my certificate
works (IE asks me if i want to use the installed cert, i say Yes, i get
in and can run the form).


now i am stuck. i have granted ASPNET access to the .cer file, nothing.
have also farted around with the WinHttpCertCfg command line util,
running:

winhttpcertcfg -i webservice.pfx -p [password] -c LOCAL_MACHINE\my -a aspnet

...which i see puts in entries to "C:\Documents and Settings\All
Users\Application Data\Microsoft\Crypto\RSA\MachineKeys". no use.


obviously, im not a certificate expert. any help would be
appreciated...


thanks!
matt

Matthew.D...@capitaloneauto.com

Feb 9, 2005, 5:14:10 PM
i am now able to successfully run the costco webservice in my C#
ASP.NET test project. there were two changes i made on my end:

1) installed .NET Framework 1.1's service pack (the 1.1 release has
its own SP1), which cites updates to webservices, security, and
certificates. this did not immediately fix my problem... so it may not
be related.

2) added the Certificates snap-in for the MMC windows management
utility, and used it to delete my certs, re-add the .PFX into the
"Personal" store, then export it to a .CER, all w/ the MMC snap-in
(and not using Control Panels -> Internet Settings or IE).

works. but i should really test further to establish which of the two
fixed it... im leaning towards #2.. i read in some other places people
said it was better to let MMC manage the store settings since it properly
sets rights.

but who knows, maybe it was both. if i have time ill test it on another
box.

Matthew.D...@capitaloneauto.com

Feb 16, 2005, 2:26:23 PM
tested on another machine -- it was using MMC.

the other machine did not have 1.1 SP1 installed, had the same problem
as my machine when installing the certificate just by double-clicking
the .PFX. however, after using MMC's snap-in, importing the .PFX, then
exporting the .CER, i had no trouble.


matt
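
A diagnostic for the situation in this thread, added here as an example and not code from the original posts: a .cer file carries only the public certificate, so the proxy can present it only if the matching private key sits in a certificate store that the calling account can read. It assumes .NET Framework 4.6 or later (these APIs are newer than the .NET 1.1 used in the thread) and an RSA key; the class name ClientCertCheck is made up for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertCheck
{
    // Looks for the certificate in <location>\My and reports whether the
    // current identity can open its private key.
    static void Check(X509Certificate2 wanted, StoreLocation location)
    {
        X509Store store = new X509Store(StoreName.My, location);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindByThumbprint, wanted.Thumbprint, false);
            if (hits.Count == 0)
                Console.WriteLine("{0}\\My: certificate not present", location);
            foreach (X509Certificate2 c in hits)
                Console.WriteLine("{0}\\My: found, {1}", location, KeyStatus(c));
        }
        catch (CryptographicException e) { Console.WriteLine("{0}\\My: cannot open store ({1})", location, e.Message); }
        finally { store.Close(); }
    }

    static string KeyStatus(X509Certificate2 c)
    {
        if (!c.HasPrivateKey) return "no private key associated";
        try
        {
            // Throws when this account cannot open the key container.
            using (RSA rsa = c.GetRSAPrivateKey())
                return rsa != null ? "private key usable" : "private key is not RSA";
        }
        catch (CryptographicException e) { return "private key NOT usable: " + e.Message; }
    }

    static void Main(string[] args)
    {
        string cerPath = args.Length > 0 ? args[0] : @"c:\temp\test.cer";
        X509Certificate2 wanted = new X509Certificate2(cerPath);
        Console.WriteLine("Running as {0}", WindowsIdentity.GetCurrent().Name);
        Console.WriteLine("File has private key: {0}", wanted.HasPrivateKey);
        Check(wanted, StoreLocation.CurrentUser);
        Check(wanted, StoreLocation.LocalMachine);
    }
}
```

Run it under the same account as the web application (ASPNET in the thread); output from an interactive login only describes that login's view of the stores.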
