Simple WCF - X509 Certificate
This article describes how to create a temporary X509 certificate and how to implement X509 certificate security in a WCF service and client. The whole configuration can be done in the config files themselves.
Using the Code
Creating X509 Certificate:
makecert.exe is the tool used to create X509 certificates. It ships with the Microsoft .Net 2005 SDK and can also be downloaded from the Microsoft site.
Step 1: Create the temporary CA certificate TempCA.cer.
Step 2: Create SignedByCA.cer, which is digitally signed and authorized by the TempCA certificate.
Step 3: Import the certificate TempCA.cer using MMC into the "Trusted Root Certificate Authorities" folder (Local Machine).
Step 4: Import the certificate SignedByCA.cer into the Personal folder (Local Machine).
To open the certificate snap-in for steps 3 and 4: Start -> Run -> type MMC -> File -> Add/Remove Snap-In -> Standalone tab -> Add button -> Certificates -> Computer Account.
Export Certificate: To hand the created certificate to the outside world, the private key must be exported along with it. This is done by converting the certificate .cer and the private key .pvk into a single .pfx file (i.e. TempCA.cer and TempCA.pvk into TempCA.pfx). The tool for this conversion is pvk2pfx.exe, which is available in <programfile>/Visual Studio 8/Common7/Tools/bin/pvk2pfx.exe.
Access Permission for the X509 certificate: When a WCF service is hosted in IIS, in a Windows service, or elsewhere, the account of that hosting environment must be granted permission to the certificate's private key. For example, if the WCF service is hosted in IIS, the ASPNET user (on XP) must be given permission to the certificate. This can be achieved with Winhttpcertcfg.exe, which grants the permission on the specified certificate. A separate download is available for this tool, and it is also downloadable along with this article.
WCF Server Config:
Configure the WCF service to use X509 certificates as its security mechanism. The client-side certificate requirements can be declared in the server config file itself, so when the proxy class is generated with svcutil.exe, the client config file is produced with the certificate (token) information already in place.
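An added example of the service-side config for the setup described above (not the article's own config file); the service and contract names, the base address, and the certificate subject name SignedByCA are assumptions.

```xml
<configuration>
  <system.serviceModel>
    <services>
      <service name="SampleService.Service"
               behaviorConfiguration="CertificateBehavior">
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="CertificateBinding"
                  contract="SampleService.IService" />
        <!-- Metadata endpoint so svcutil.exe can generate the client config -->
        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <!-- Assumed base address -->
            <add baseAddress="http://localhost:8000/SampleService" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="CertificateBinding">
          <!-- Message-level security: the client must present an X509 certificate -->
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CertificateBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceCredentials>
            <!-- Service certificate: SignedByCA.cer imported into LocalMachine\Personal (store "My") -->
            <serviceCertificate findValue="SignedByCA"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
            <clientCertificate>
              <!-- ChainTrust: accept only client certificates that chain to a trusted root (TempCA).
                   NoCheck is needed because makecert certificates carry no revocation (CRL) information. -->
              <authentication certificateValidationMode="ChainTrust"
                              revocationMode="NoCheck" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

Leave certificateValidationMode at ChainTrust rather than None; with None any certificate is accepted and the client authentication is effectively disabled.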
Client Config (auto-generated using svcutil.exe):
Sample WCF client config file generated using svcutil.exe
After the above points have been implemented, every request sent from the client to the server is digitally signed with the certificates present on the client and the server.