I have a Windows Phone app, built for 8.1, and one of the tasks was a client-server certificate scenario. My app worked fine, I could send the client certificate and log in to the server. However, after upgrading to Windows 8.10.14xxxx that was not possible. I took Wireshark traces and it seems that the certificate is never sent. The content length of the message is 0.
I use HttpClient.SendAsync (await) and HttpBaseProtocolFilter to enter the certificate. It worked perfectly before the upgrade.
Any idea? Is something broken?
First I am installing the pfx:

    async private void btnInstall_Click(object sender, RoutedEventArgs e)
    {
        //Install the self signed client cert to the user certificate store
        string CACertificate = null;
        try
        {
            Uri uri = new Uri("ms-appx:///certificates/test.pfx");
            var file = await Windows.Storage.StorageFile.GetFileFromApplicationUriAsync(uri);
            IBuffer buffer = await FileIO.ReadBufferAsync(file);
            using (DataReader dataReader = DataReader.FromBuffer(buffer))
            {
                byte[] bytes = new byte[buffer.Length];
                dataReader.ReadBytes(bytes);
                // convert to Base64 for using with ImportPfx
                CACertificate = System.Convert.ToBase64String(bytes);
            }
            await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
                CACertificate,
                "xxxxx",
                ExportOption.Exportable,
                KeyProtectionLevel.NoConsent,
                InstallOptions.None,
                "ClientCert1");
        }
        catch (Exception ex)
        {
            //;
        }
    }

Then I am calling the service:

    string serviceURL = "https://my.web.services";
    Certificate cert = null;
    CertificateQuery query = new CertificateQuery();
    query.FriendlyName = "ClientCert1";
    IReadOnlyCollection<Certificate> certs = await CertificateStores.FindAllAsync(query);
    HttpBaseProtocolFilter bpf = new HttpBaseProtocolFilter();
    //if you install the CA you don't need to ignore the ServerCertificate Errors
    //bpf.IgnorableServerCertificateErrors.Add(ChainValidationResult.Untrusted);
    if (certs.Count > 0)
    {
        cert = certs.ElementAt(0);
        bpf.ClientCertificate = cert;
    }
    HttpClient httpClient = new HttpClient(bpf);
    try
    {
        var response = await httpClient.GetInputStreamAsync(new Uri(serviceURL));
        //take data
    }
    catch (Exception ex)
    {
        //0x80072F0D
    }

I am always getting an exception (0x80072F0D) when running on Windows Phone 8.10.14xxxx. My code worked before the update, now I am always getting this return code. The certificate is loaded in httpClient. When I stop the app with the debugger it seems that the certificate is there, however the 0x80072F0D probably means that the certificate is not sent?
There is an intermediate certificate authority in the scenario. That certificate is included in the pfx. Do I need to install this somehow?
I am assuming that you have already put the client certificate in the app certificate store.
If not, then do these:
1) Download the PFX file.
2) Install the certificate in the app's certificate store as follows:

    await CertificateEnrollmentManager.ImportPfxDataAsync(certString, "Your_PFX_Password", ExportOption.Exportable, KeyProtectionLevel.NoConsent, InstallOptions.None, friendlyName);

3) Check for the certificate in the certificate store.

    CertificateQuery certQuery = new CertificateQuery();
    certQuery.FriendlyName = friendlyName;
    IReadOnlyList<Certificate> certs = await CertificateStores.FindAllAsync(certQuery);

The certs[0] should have the certificate that you need.
4) Now, to attach the certificate to the HTTP request:

    HttpBaseProtocolFilter protocolFilter = new HttpBaseProtocolFilter();
    protocolFilter.ClientCertificate = certs[0]; //from previous step
    HttpClient client = new HttpClient(protocolFilter);

PS: You should not use System.Net.Http.HttpClient. Instead, you should use Windows.Web.Http.HttpClient.
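
Steps 3 and 4 above combined into one method, with the checks that help when a client-certificate handshake fails: private key present, local chain validation logged, and the HRESULT surfaced instead of swallowed. This is an added example, not code from the question or the answer; the class name, method name and parameters are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Web.Http;
using Windows.Web.Http.Filters;

public static class ClientCertRequest // hypothetical helper name
{
    public static async Task<string> GetWithClientCertAsync(Uri serviceUri, string friendlyName)
    {
        // Step 3: find the certificate by the friendly name given at import time.
        var query = new CertificateQuery { FriendlyName = friendlyName };
        IReadOnlyList<Certificate> certs = await CertificateStores.FindAllAsync(query);
        if (certs.Count == 0)
            throw new InvalidOperationException("No certificate named " + friendlyName);
        Certificate cert = certs[0];

        // Client authentication needs the private key, not just the public certificate.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("No private key for " + cert.Subject);

        // Build the chain without supplying extra intermediates and log the result,
        // so a missing intermediate or untrusted root shows up before the request.
        CertificateChain chain = await cert.BuildChainAsync(new List<Certificate>());
        Debug.WriteLine("Local chain validation: " + chain.Validate());

        // Step 4: attach the certificate to the filter used by Windows.Web.Http.HttpClient.
        var filter = new HttpBaseProtocolFilter { ClientCertificate = cert };
        using (var client = new HttpClient(filter))
        {
            try
            {
                HttpResponseMessage response = await client.GetAsync(serviceUri);
                response.EnsureSuccessStatusCode();
                return await response.Content.ReadAsStringAsync();
            }
            catch (Exception ex)
            {
                // Log the HRESULT instead of swallowing the exception, then rethrow.
                Debug.WriteLine(string.Format("Request failed: 0x{0:X8} {1}", ex.HResult, ex.Message));
                throw;
            }
        }
    }
}
```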