Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

c# - Using Client certificates for Windows RT (windows 8.1/windows phone 8.1)

I am trying a new feature of Windows 8.1 and Windows Phone 8.1, namely the certificate stores and the possibility to use client certificates for client authentication on the server side. However, I am having problems with this functionality.

I have a basic tested WCF service which runs on IIS Express. IIS Express is configured to support SSL and client certificates. In the IIS configuration file (configurationhost.config) I have set this:

<access sslFlags="SslRequireCert" /> (tried also SslNegotiateCert)
<clientCertificateMappingAuthentication enabled="true" />

I have added the client certificate within the Windows RT app as below:

//Install the self signed client cert to the user certificate store
string CACertificate = null;
try
{
    Uri uri = new Uri("ms-appx:///Assets/AdventureWorksTestClient1.pfx");
    var file = await Windows.Storage.StorageFile.GetFileFromApplicationUriAsync(uri);
    IBuffer buffer = await FileIO.ReadBufferAsync(file);
    using (DataReader dataReader = DataReader.FromBuffer(buffer))
    {
       byte[] bytes = new byte[buffer.Length];
       dataReader.ReadBytes(bytes);
       // convert to Base64 for using with ImportPfx
       CACertificate = System.Convert.ToBase64String(bytes);
    }
    await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
            CACertificate,
            "",
            ExportOption.Exportable,
            KeyProtectionLevel.NoConsent,
            InstallOptions.None,
            "ClientCert1");
}
catch (Exception ex)
{
    // ... (handler elided in the original post)
}

Then I am using the HttpBaseProtocolFilter, to which I add the client certificate this way:

IReadOnlyCollection<Certificate> certs = await CertificateStores.FindAllAsync(query);

HttpBaseProtocolFilter bpf = new HttpBaseProtocolFilter();
if (certs.Count > 0)
{
    cert = certs.ElementAt(0);
    bpf.ClientCertificate = cert;
}
HttpClient httpClient = new HttpClient(bpf);
....

And then request:

var resp = await httpClient.GetAsync(new Uri(serviceURL));

This line of code is generating this exception:

{System.Exception: Exception from HRESULT: 0x80072F7D
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
  at JumpStartCertificateDemo.MainPage.<btnCallService_Click>d__0.MoveNext()}

I am 100% sure that I have imported the right certificates both on localhost (local computer) and on the application side. Calling the service through a browser works properly (I am prompted to provide a client certificate), so there has to be some problem with providing the client certificate in the application.

Can anyone help me on this one please? Thank you.

Question from: https://stackoverflow.com/questions/25764157/using-client-certificates-for-windows-rt-windows-8-1-windows-phone-8-1


1 Reply


The problem could be related to the validity of the certificate that you are using.

By default, .NET refuses to establish an HTTPS connection with an invalid or untrusted certificate.

Usually the certificate is invalid because it is generated by a non-trusted authority (self-signed certificate) or because the address of the site is not included in the valid addresses list for the certificate.

In .NET this limitation can be relaxed; see this discussion: "C# Ignore certificate errors?"
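
An added example, not part of the original question or answer: C# against the WinRT APIs used in the question that first checks the client certificate for what TLS client authentication needs, then sends the request while ignoring only the two server-certificate errors the answer names, and only in a debug build against a localhost service, so release builds keep full validation. `DevTlsDiagnostics`, `CheckClientCertificate` and `ProbeAsync` are hypothetical names, and the localhost test and `DEBUG` guard are assumptions about the test setup.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Web.Http;
using Windows.Web.Http.Filters;

// Added example; the class and method names are hypothetical.
public static class DevTlsDiagnostics
{
    const string ClientAuthEku = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth OID

    // Returns the reasons this certificate cannot serve as a TLS client certificate.
    public static List<string> CheckClientCertificate(Certificate cert)
    {
        var problems = new List<string>();
        var now = DateTimeOffset.Now;
        if (!cert.HasPrivateKey) problems.Add("no private key in the store");
        if (cert.ValidFrom > now || cert.ValidTo < now) problems.Add("outside validity period");
        // An empty EKU list means the certificate is not restricted to specific usages.
        if (cert.EnhancedKeyUsages.Count > 0 && !cert.EnhancedKeyUsages.Contains(ClientAuthEku))
            problems.Add("EKU lacks client authentication");
        return problems;
    }

    // Sends one GET and returns the status code, or the failure details.
    public static async Task<string> ProbeAsync(Uri serviceUri, Certificate clientCert)
    {
        var filter = new HttpBaseProtocolFilter { ClientCertificate = clientCert };
#if DEBUG
        // Assumption: the self-signed test service runs on localhost; relax nothing else.
        if (string.Equals(serviceUri.Host, "localhost", StringComparison.OrdinalIgnoreCase))
            foreach (var e in new[] { ChainValidationResult.Untrusted, ChainValidationResult.InvalidName })
                filter.IgnorableServerCertificateErrors.Add(e);
#endif
        using (var client = new HttpClient(filter))
        using (var request = new HttpRequestMessage(HttpMethod.Get, serviceUri))
        {
            try
            {
                return (await client.SendRequestAsync(request)).StatusCode.ToString();
            }
            catch (Exception ex)
            {
                var errors = string.Join(", ", request.TransportInformation.ServerCertificateErrors);
                return string.Format("HRESULT 0x{0:X8}; server certificate errors: [{1}]", ex.HResult, errors);
            }
        }
    }
}
```

If `ProbeAsync` still fails with an empty server-certificate error list, the server certificate was accepted and the remaining suspects are the client certificate itself (see `CheckClientCertificate`) and the server-side mapping.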

