When Web Services are used, a common concern is security: SOAP messages are transferred in plain text over the network, so anyone with a sniffer could intercept the SOAP message and read it. In my opinion this could happen also to binary data, but probably it requires a little bit more hacker skills. So a solution is to use HTTPS (SSL) instead of HTTP, so the communication is encrypted.
To accomplish this, we need to do the following things
· Install Certificate (Issued by Certificate Authority) on the Web Server
· Create Web Service using .net
· Configure Web service to use SSL in IIS
· Call the Web Service thro Client
Install Certificate
Normally in the Production environment we need to buy the certificate from Verisign or any other well know certification Authority (CA). In the development environment we can make use of .net SDK’s MakeCert.exe which comes with .net 2.0 SDK.
Path to the Exe :
/Program Files/Microsoft Visual Studio 8/SDK/v2.0/bin/MakeCert.exe
Create and Install the certificate
Makecert -sr LocalMachine –ss My –n CN=ServiceModelSamples-HTTPS-Server –sky exchange –sk ServiceModelSamples-HTTPS-Key
Now the certificate is created and assigned in the Local Machine.
Create Web Service using .net
Using VS2005 or 2008 create a Web service with a sample Web Method AddValues which has two integer parameters and returns an integer value.
[WebMethod]
public int AddValues(int a,int b)
{
return a+b;
}
Now if you browse the Service from IIS it will show the AddValues Method.
Configure Web service to use SSL in IIS
· Type inetmgr in Run dialogbox and open IIS.
· On the DefaultWebsite Properties, Select the Directory Security tab.
Under Secure communication, select Server Certificate.
In the popup Wizard, select assign an existing certificate.
In the next step select our ServiceModelSamples-HTTPS-Server certificate and finish the wizard.
Now the certificate is installed. Now the view Certificate button gets enabled and
you can view the certificate.
Now R.click your web service Virtual directory in IIS and select its properties.
In the Properties dialogbox select Directory Security tab.
Under Secure communication, click Edit button.
Check Require Secure Channel (SSL).
Press OK and Exit the Properties.
Test the Web Service for HTTPS.
Now in the browser browse to your web service as
http://localhost/MyService/Service1.asmx
The Browser will show “The page must be viewed over a secure channel”.
Now in the browser change the address URL to
https://localhost/MyService/Service1.asmx
The browser will show the following screen
Click Continue to this Website (not recommended).
Create Client to consume the Web Service Method.
Open Visual Studio and create a ASP.Net web application.
In the Web Reference add a reference to our web service.
Type https://localhost/MyService/Service1.asmx in the URL and assign a name to the reference.
Now in the page load call our service
Service.Service1 myservice = new
ServiceHandler.Service.Service1();
int result= myservice.AddValues(10,11);
Response.Write(result.ToString());
If you run the application you will get the validation error.
“The remote certificate is invalid according to the validation procedure.”
Resolution:
Add a new Class file to your project with the name MyCertificatePolicy
Add the following using Statement.
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
Inherit System.Net.ICertificatePolicy to the class
Add the method to the class below the constructor
public bool CheckValidationResult(ServicePoint sp,
X509Certificate cert,
WebRequest req,
int problem)
{
return true;
}
Now in the PageLoad add the below code, before initializing the Web service.
System.Net.ServicePointManager.CertificatePolicy =
new MyCertificatePolicy();
Service.Service1 myservice =
new ServiceHandler.Service.Service1();
int result= myservice.AddValues(10,11);
Response.Write(result.ToString());
Now Run the Project. The output 21 will be displayed in the Page.
Thanks, It worked
By: prem on January 22, 2013
at 10:37 am
Nice thanks for sharing it..
By: sharmasarvesh on January 31, 2013
at 4:28 am
I am really pleased to glance at this webpage posts which includes lots of helpful facts, thanks for providing such information.
By: lawn mower repair edmonton on July 3, 2013
at 2:36 pm
Thanks for finally writing about >Creating and Using C# Web service over HTTPS – SSL
| *****## R.MARAN. ## ***** <Loved it!
By: golden cherry casino no deposit codes on July 16, 2013
at 12:02 pm
I have got understand a couple of great things here. Certainly worthy of social bookmarking intended for returning to. I wonder precisely how much hard work you add to produce the excellent insightful website.
By: test a website on September 4, 2013
at 1:15 pm
[…] Source Link […]
By: C# SOAP WSDL WebService Over HTTPS | DeLatitude on December 11, 2013
at 9:14 am
I don’t even know how I ended up right here, but I believed this post used to be great.
I don’t know who you might be but certainly you’re going to a famous
blogger in case you aren’t already. Cheers!
By: sapo.pt on April 14, 2014
at 6:56 pm
Great article. Thanks for shared.
By: Clemilson Dias on July 17, 2014
at 5:50 pm