Secure XML Web Services with Secure Socket Layer


This step-by-step article describes how to configure a current XML Web service to use an encrypted channel with a Secure Socket Layer (SSL) connection.


Configure Your Web Server for SSL

Your XML Web Service will be running on Internet Information Server (IIS) and it will rely on IIS to provide SSL support. Because of this, you must first install an SSL server certificate on your server so that you can enable SSL support.

1. Install Certificate Services by starting the Add/Remove Programs tool, clicking Add/Remove Windows Components, and then clicking to select the Certificate Services check box.

2. Run the Web Server Certificate Wizard by starting Internet Services Manager, right-clicking on the virtual site that you want the certificate for, clicking Properties, clicking the Directory Security tab, and then clicking Server Certificate.

3. In the Web Server Certificate Wizard, click Create a new certificate, and then click Next.

4. Click Prepare the request now, but send it later, and then click Next.

5. Continue to fill out the information in the Wizard to fit your needs, but when you are prompted to provide the common name of the certificate, make sure that you specify the name of the host computer that you are running your XML Web service on.

6. When you complete the wizard, a certificate request is saved in a file that you specify. By default, this is c:\Certreq.txt.

7. If you are submitting your certificate to a different certificate authority, do that now by using their procedures. When you receive your certificate file, open it, and then skip to step 16. If you are using your own Certificate Services to get your certificate, browse to http://localhost/certsrv and choose the Request a Certificate option.

8. Under the Request Type page, specify that this is an Advanced Request, and then click Next.

9. Click Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file, and then click Next.

10. On the Submit a Saved Request page, click Browse for a file to insert, specify the file you created in step 6, click Read, and then Submit. Your request has been submitted, and now you must approve it.

11. On the Programs menu, under Administrative Tools, start the Certificate Authority management console.

12. Under your Certificate Authority's name, choose the Pending Request folder. Right-click the certificate request that you just submitted, point to All Tasks, and then click Issue. Close the Certificate Authority management console.

13. In your browser, go back to http://localhost/certsrv, click Check on Pending Requests, and then click Next.

14. Make sure that the request you just created is selected, and then click Next.

15. On the Certificate Issued page, choose either of the encoding schemes, and then click Download CA certificate. The Certificate property pages are displayed. Click the General tab, and then click Install Certificate.

16. The Certificate Import Wizard starts. Accept all of the defaults and click through the wizard until it has completed.

17. Go back to the Internet Services Manager, right-click the virtual site you created the certificate for, click Properties, click the Directory Security tab, and then click Server Certificate.

18. Click Assign an existing certificate to see a list with your certificate in it. Click your certificate, and then click Next. Complete the Web Server Certificate Wizard. Your SSL Server Certificate is now installed.

Install Certificate Authority's Certificate on Client
If you used your own certificate services, you must install your certificate authority's certificate on the client as a trusted root certificate authority. To do so:

1. Browse to http://my computer/certsrv where my computer is the host name where the certificate services are located that issued the server certificate.

2. Click Retrieve the CA certificate or the certificate revocation list, and then click Next.

3. Click the Install this CA certification path link. The certificate should be properly installed.

If you are planning to access your XML Web Service from an ASP page, you must add the Certificate Authority's certificate to the machine's trusted root store:

1. Repeat the first two steps of the preceding procedure, click Download CA certificate, and then save it to a file on your local computer.

2. Start Mmc.exe.

3. Click Console, and then click Add/Remove Snap-in.

4. In the Add/Remove Snap-in dialog box, click Add.

5. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.

6. Click Computer Account, and then click Next.

7. Click Local Computer, and then click Finish.

8. The list of certificate categories for the local computer should appear in the snap-in window.

9. Click OK to return to the Console Root window.

10. In the tree view, open the list of trusted root certificate authorities.

11. To add the certificate authority certificate that issued your server certificate to the list, click Action, click All Tasks, and then click Import, or drag the certificate on to the list.

Verify That It Works
To determine if SSL is configured properly, try browsing to your server by using an https URL such as https://my_computer/test/test.asmx.

Your configuration should be all right if you can successfully browse to the location without any error messages being displayed by Internet Explorer. You are ready to try to access your Web service programmatically.
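
The two things this procedure depends on, a certificate common name that matches the host name (step 5) and an issuing CA that the client trusts, can also be checked from code instead of by eye in the browser. The following C# console program is an added example, not part of the original article; the class name SslCheck, port 443 and the default host my_computer are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class SslCheck // hypothetical name, added example
{
    // Explains why validation failed; it never overrides the platform's decision.
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Subject: " + (cert == null ? "(no certificate presented)" : cert.Subject));
        if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            Console.WriteLine("FAIL: common name does not match the host name (wizard step 5)");
        if ((errors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 && chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("FAIL: chain: " + s.Status + " - " + s.StatusInformation.Trim());
        return errors == SslPolicyErrors.None; // accept only a fully valid certificate
    }

    static int Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "my_computer"; // placeholder host from the article
        try
        {
            using (TcpClient tcp = new TcpClient(host, 443))
            using (SslStream ssl = new SslStream(tcp.GetStream(), false, Report))
            {
                ssl.AuthenticateAsClient(host); // throws if Report returned false
                Console.WriteLine("OK: " + ssl.SslProtocol + ", certificate is trusted for " + host);
                return 0;
            }
        }
        catch (AuthenticationException ex)
        {
            Console.WriteLine("Handshake rejected: " + ex.Message);
            return 1;
        }
        catch (SocketException ex)
        {
            Console.WriteLine("Cannot connect to " + host + ":443: " + ex.Message);
            return 2;
        }
    }
}
```

An UntrustedRoot chain status means the issuing CA is missing from the trusted root store seen by the account running the check. Run it under the same account as the calling code, because an ASP page relies on the machine's trusted root store.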

APPLIES TO

1. Microsoft Windows 2000 Server/2003 Server
2. Microsoft Internet Information Services 5.0

Consume a Web service through an HTTP proxy server

Namespaces required:

System.Net

System.Security.Cryptography.X509Certificates


Proxy servers that require NTLM authentication

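To set NTLM authentication for the proxy server, use the following sample code:

using System.Net;

// Send requests through the proxy; "true" bypasses the proxy for local addresses.
WebProxy myProxy = new WebProxy("http://proxyserver:port", true);

// Authenticate to the proxy with the credentials of the current security context.
myProxy.Credentials = CredentialCache.DefaultCredentials;

// FindServiceSoap is the Web service client class used in this sample.
FindServiceSoap myFindService = new FindServiceSoap();
myFindService.Proxy = myProxy;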



This article is helpful for installing a CA and establishing a secure connection.



Regards,
Shivaraj.gk@gmail.com


Comments

Author: G,VISWESWARA PRASAD   31 Jul 2007   Member Level: Bronze   Points : 0

It is a very useful and excellent article.


