I am trying to connect to a web service via WSDL. I was told that the service uses TLS with client-certificate (mutual TLS) authentication. I created the client through "Add Service Reference" in Visual Studio. When I send a request I expect to see a TLS handshake in Wireshark, but I don't even see the initial Client Hello.
Service authentication is described here:
http://en.wikipedia.org/wiki/Transport_Layer_Security#Description
My client is written in C#.
Here is the complete program I run to test the connection (the entry point is Run()):
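/// <summary>
/// Minimal WCF test client for a SOAP 1.2 service over HTTPS that authenticates with a
/// client certificate (mutual TLS). The entry point is <see cref="Run"/>.
/// </summary>
public class ClientExample
{
    private const string Url =
        "https://xxxxxxxxx";

    /// <summary>
    /// Applies the process-wide TLS settings and runs the "Clear Cache" test call.
    /// </summary>
    public static void Run()
    {
        // ServicePointManager settings are process-wide and also govern WCF's HTTPS transport.
        // The callback is chained with += so that a callback registered by another component
        // is kept. Caveat: for a multicast delegate only the return value of the LAST
        // registered callback counts, so a later, permissive callback would silently
        // override the rejection performed in ValidateCertificate.
        ServicePointManager.ServerCertificateValidationCallback += ValidateCertificate;

        // The original forced SecurityProtocolType.Ssl3. SSLv3 is broken (POODLE) and is
        // disabled on most servers; the trace in the question shows it negotiated
        // Ssl3 + RC4 before the request failed. Offer TLS 1.2 only (Tls12 requires
        // .NET 4.5+). If the server is older, add Tls11 | Tls - but never Ssl3.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        PerformTest("Clear Cache", GetBinding());
    }

    /// <summary>
    /// Builds a custom binding: SOAP 1.2 text encoding over an HTTPS transport that
    /// presents the client certificate configured in <see cref="GetClient"/>.
    /// </summary>
    private static Binding GetBinding()
    {
        var elements = new BindingElementCollection
        {
            new TextMessageEncodingBindingElement(MessageVersion.Soap12, Encoding.UTF8),
            // RequireClientCertificate makes WCF send the client certificate during the
            // TLS handshake; it does not by itself validate the server certificate
            // (that is what ValidateCertificate is for).
            new HttpsTransportBindingElement { RequireClientCertificate = true }
        };
        return new CustomBinding(elements);
    }

    /// <summary>
    /// Prints the test name, creates a client, sends the request and reports any exception.
    /// The WCF client is closed on success and aborted on failure; never wrap WCF clients
    /// in <c>using</c>, because Dispose() calls Close(), which throws on a faulted channel.
    /// </summary>
    /// <param name="test">Label printed before the call.</param>
    /// <param name="binding">Binding used to build the client.</param>
    private static void PerformTest(string test, Binding binding)
    {
        MyClient client = null;
        try
        {
            Console.ResetColor();
            Console.ForegroundColor = ConsoleColor.Green;
            Console.WriteLine(test);
            Console.ResetColor();

            client = GetClient(binding);
            SendMessage(client);

            // Close() completes the session gracefully; if it throws, the catch/finally
            // path below aborts the client instead of leaking the channel.
            client.Close();
            client = null;
        }
        catch (Exception e)
        {
            DisplayError(e);
        }
        finally
        {
            if (client != null)
            {
                client.Abort();
            }
        }
    }

    /// <summary>
    /// Creates the service client and attaches the client certificate from the
    /// LocalMachine\My store.
    /// </summary>
    /// <param name="binding">Binding used for the endpoint.</param>
    /// <returns>A client that will present the configured certificate during the TLS handshake.</returns>
    private static MyClient GetClient(Binding binding)
    {
        var endpointAddress = new EndpointAddress(Url);
        var client = new MyClient(binding, endpointAddress);
        if (client.ClientCredentials != null)
        {
            // FindBySubjectName is a substring match, so it can match several certificates
            // (WCF then fails the call rather than picking one). FindByThumbprint selects
            // exactly one certificate and is the safer choice once the thumbprint is known.
            // The process also needs read access to the certificate's private key;
            // the trace "Locating the private key for the certificate" is where that shows up.
            client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName,
                "xxxxxxxxxxxxx");
        }
        return client;
    }

    /// <summary>
    /// Sends the clearCache request and prints the status returned by the service.
    /// </summary>
    /// <param name="client">Client created by <see cref="GetClient"/> (the original listing mixed
    /// the names MyClient and ChargePointServiceClient for this type).</param>
    private static void SendMessage(MyClient client)
    {
        var response = client.clearCache("xxxxxxxxxxxxx", new ClearCacheRequest());
        Console.WriteLine(ClearCacheDescription(response));
    }

    /// <summary>Maps a <see cref="ClearCacheStatus"/> to a printable label.</summary>
    private static string ClearCacheDescription(ClearCacheStatus response)
    {
        switch (response)
        {
            case ClearCacheStatus.Accepted:
                return "Accepted";
            case ClearCacheStatus.Rejected:
                return "Rejected";
            default:
                return "Unknown";
        }
    }

    /// <summary>
    /// Server-certificate validation callback. Accepts the certificate only when the
    /// platform reported no policy errors; otherwise it reports every error flag and rejects.
    /// </summary>
    /// <remarks>
    /// Do NOT "fix" handshake problems by returning true here: that disables server
    /// authentication and lets any attacker on the path impersonate the service. Chain errors
    /// from a private or self-signed CA are fixed by trusting that CA on the client machine;
    /// name mismatches are fixed by using the host name the certificate was issued for.
    /// SslPolicyErrors is a [Flags] enum, so several errors can be reported at once.
    /// </remarks>
    /// <returns>true only when <paramref name="sslpolicyerrors"/> is <see cref="SslPolicyErrors.None"/>.</returns>
    private static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
    {
        if (sslpolicyerrors == SslPolicyErrors.None)
        {
            return true;
        }

        var recognised = SslPolicyErrors.None;
        if ((sslpolicyerrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
        {
            DisplayWarningMessage("RemoteCertificateChainErrors");
            recognised |= SslPolicyErrors.RemoteCertificateChainErrors;
        }
        if ((sslpolicyerrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
        {
            DisplayWarningMessage("RemoteCertificateNameMismatch");
            recognised |= SslPolicyErrors.RemoteCertificateNameMismatch;
        }
        if ((sslpolicyerrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
        {
            DisplayWarningMessage("RemoteCertificateNotAvailable");
            recognised |= SslPolicyErrors.RemoteCertificateNotAvailable;
        }
        if ((sslpolicyerrors & ~recognised) != 0)
        {
            DisplayWarningMessage("Unknown Certificate Validation Error");
        }

        // Any policy error means the server is not authenticated: reject.
        return false;
    }

    /// <summary>
    /// Prints an exception and, recursively, each inner exception (WCF wraps the
    /// transport error several levels deep, so the innermost message is usually the useful one).
    /// </summary>
    /// <param name="exception">Exception to print; null ends the recursion.</param>
    private static void DisplayError(Exception exception)
    {
        if (exception == null)
        {
            return;
        }

        Console.BackgroundColor = ConsoleColor.DarkRed;
        Console.ForegroundColor = ConsoleColor.White;
        Console.WriteLine(@"Exception");
        Console.ResetColor();
        Console.WriteLine(exception.Message);

        if (exception.InnerException != null)
        {
            Console.WriteLine();
            DisplayError(exception.InnerException);
        }
    }

    /// <summary>Prints a highlighted warning line and restores the console colours.</summary>
    /// <param name="message">Text to print.</param>
    private static void DisplayWarningMessage(string message)
    {
        Console.BackgroundColor = ConsoleColor.DarkYellow;
        Console.ForegroundColor = ConsoleColor.White;
        Console.WriteLine(message);
        Console.ResetColor();
    }
}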
I logged all network traffic through System.Diagnostics tracing in my app.config:
<!--
  Verbose System.Net tracing: writes the Schannel/TLS negotiation details quoted below
  (protocol, cipher, client-certificate lookup) to network.log next to the executable.
  NOTE(review): a Verbose trace can also contain request/response headers and certificate
  details - treat network.log as sensitive and redact it before sharing, and disable this
  tracing again once the handshake problem is solved.
-->
<system.diagnostics>
<sources>
<source name="System.Net">
<listeners>
<add name="System.Net"/>
</listeners>
</source>
<source name="System.Net.Sockets">
<listeners>
<add name="System.Net"/>
</listeners>
</source>
<source name="System.Net.Cache">
<listeners>
<add name="System.Net"/>
</listeners>
</source>
</sources>
<switches>
<add name="System.Net" value="Verbose"/>
<add name="System.Net.Sockets" value="Verbose"/>
<add name="System.Net.Cache" value="Verbose"/>
</switches>
<sharedListeners>
<add name="System.Net"
type="System.Diagnostics.TextWriterTraceListener"
traceOutputOptions="None"
initializeData="network.log"
/>
</sharedListeners>
<trace autoflush="true"/>
</system.diagnostics>
:
, tls:
System.Net Information: 0 : [9040] TlsStream
:
System.Net Information: 0 : [9040] SecureChannel
System.Net Information: 0 : [9040] Enumerating security packages:
System.Net Information: 0 : [9040] Negotiate
System.Net Information: 0 : [9040] NegoExtender
System.Net Information: 0 : [9040] Kerberos
System.Net Information: 0 : [9040] NTLM
System.Net Information: 0 : [9040] TSSSP
System.Net Information: 0 : [9040] pku2u
System.Net Information: 0 : [9040] Schannel
System.Net Information: 0 : [9040] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [9040] LiveSSP
System.Net Information: 0 : [9040] WDigest
System.Net Information: 0 : [9040] CREDSSP
System.Net Information: 0 : [9040] SecureChannel
, :
System.Net Information: 0 : [9040] SecureChannel#11159819 - Left with 1 client certificates to choose from.
System.Net Information: 0 : [9040] SecureChannel#11159819 - Trying to find a matching certificate in the certificate store.
System.Net Information: 0 : [9040] SecureChannel#11159819 - Locating the private key for the certificate: [Version]
, . , ...
System.Net Information: 0 : [9040] SecureChannel
System.Net Information: 0 : [9040] ProcessAuthentication(Protocol=Ssl3, Cipher=Rc4 128 bit strength, Hash=Sha1 160 bit strength, Key Exchange=RsaKeyX 2048 bit strength).
, ,
, . , ,
System.Net Error: 0 : [9040] Exception in HttpWebRequest
In Wireshark (filtered on the server's IP address):
(ip.src == xxx.xxx.xxx.xx or ip.dst == xxx.xxx.xxx.xx) and ssl.handshake
, , , . , TLS.
Why don't I see any Client Hello / Server Hello in Wireshark?
( wcf, , wcf . wcf, )