Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SOAP toolkit 2.0 - problems with client certificates.

142 views
Skip to first unread message

joe fork

unread,
Jun 2, 2004, 10:56:32 AM6/2/04
to
We have a SOAP service on IIS (IIS 5.0), and the IIS site is set to
"accept client certificates" - which means that a SOAP
client should be able to access the SOAP service without using a
client certificate (with "require client certs", the soap client would
need a cert). However, the client (written using the MS SOAP
Toolkit 2.0) cannot access the service. It fails- IIS logs an http
400 (bad request?), and the soap client throws a runtime error 5400.

We are able to access the service over SSL, when IIS is set to ignore
client certificates. Do we need to set the SoapConnector
SSLClientCertificateName property to some blank or null value to let
the service (and IIS) know that we are not using a client certificate?

Also- when IIS is set to "accept client certs", we're able to access
the service from a browser, and from a Java soap client.

Wolfgang Manousek [MSFT]

unread,
Jun 4, 2004, 12:23:31 PM6/4/04
to
a common mistake is that the WSDL file is on the secure site, the toolkit
can not pull the WSDL ...

although with the information you gave I can not even figure out if a WSDL
is in the picture at all ...

Wolfgang
"joe fork" <mjm...@hotmail.com> wrote in message
news:d6fb4645.04060...@posting.google.com...

Rao

unread,
Jun 6, 2004, 11:19:39 PM6/6/04
to
I have similar problem with soaptool kit 3.0 and client certificates. My
WSDL file is on the secure site. I used a copy of the wsdl file on the
client.

call oSoapClient.mssoapinit("cmprofile.wsdl")
oSoapClieny("EndPointURL") ="https://myServer/cmdsoap/cmprofile.wsdl"
oSoapClient.ConnectorProperty("SSLClientCertificateName")="LOCAL_MACHINE\My\OCDEV"

I am getting "Access denied" error.

How everIf I use LOCAL_USER instead of LOCAL_MACHINE
oSoapClient.ConnectorProperty("SSLClientCertificateName")="LOCAL_USER\My\OCDEV"
, I am getting a different error.

Is it necessay to install the client certifcate under a specifc
account(IWAM_MACHINE). What is the procedure to export the client cert to
the server on which my web service exists.?

Thanks in advance.

Rao

Wolfgang Manousek [MSFT]

unread,
Jun 7, 2004, 1:32:52 AM6/7/04
to
you will have to move the wsdl file locally, the toolkit is not able to pull
it from a secure site.

Wolfgang
"Rao" <aka...@hotmail.com> wrote in message
news:d11d851dcc96df0f...@localhost.talkaboutsoftware.com...

Rao

unread,
Jun 7, 2004, 3:41:02 PM6/7/04
to
I have the wsdl locally but I am getting the following error.

Client:An unanticipated error occurred during the processing of this request. HRESULT=0x80070005: Access is denied. - Client:Sending the Soap message failed or no recognizable response was received HRESULT=0x80070005: Access is denied. - Client:Unspecified client error. HRESULT=0x80070005: Access is denied.


Wolfgang Manousek [MSFT]

unread,
Jun 9, 2004, 5:53:28 PM6/9/04
to
can you look at the transfer with a trace?
how many messages do travel? My understanding is that is should work on the
first exchange since no cert is required, but obvious some errors are
returned... what is returned from IIS on the first try?


"Rao" <anon...@discussions.microsoft.com> wrote in message
news:266115FD-7D8C-4BBA...@microsoft.com...

0 new messages