I have to connect in .NET to a service which can be accesed with the following soap requests:
<soapenv:Header>
<wsse:Security
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuritysecext-
1.0.xsd">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soapmessage-
security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-tokenprofile-
1.0#X509v3"
wsu:Id="CertId-16010509"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurityutility-
1.0.xsd">
MIIElDCCA3ygAwIBAgIBQzANBgkqhkiG9w0BAQUFADBBMRMwEQYKCZImiZPyLGQBGRMDbmV0
MRUwEwYKCZImiZPyLGQBGRMFZ2VhbnQxEzARBgNVBAMTCmVkdUdBSU5TQ0EwHhcNMDcwNTI4
MDgxNjE2WhcNMDgwNTI3MDgxNjE2WjBbMRMwEQYKCZImiZPyLGQBGRYDbmV0MRUwEwYKCZIm
iZPyLGQBGRYFZ2VhbnQxEDAOBgNVBAoTB0ZlZElSSVMxGzAZBgNVBAMTEnRlc3QtYXMucmVk
aXJpcy5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQxCW2uup3EDvVgWlpO
luEAZ9g/gfp6iwaypIrgp/
uk3J3LNT4iAfBg4KscZT4KnY97wHzCRoU2Uqgr3Lgm14RXZgbIl1pDf0XZa9uHVx0A+Q+
hnFhNevCbM7Bcw5gBwBEXKRm2aYTlUxrEXYitcyChSqxSqZ/
0BWwSe92lYiQxfdYh8k5NWnXrmqiSW3nQHLWGxMNt2qP/f6ih8I2e+D3R97XuHLk/
XnhethUwNIYRGtoiuinOr1hFRft1SfO1fAJsAdGiO1ERDXRNHHnTGUXRL5jIHXHl3hEfHd7X
TDfpSFB1q3hx0vwL5nLb6n6YpxS5G/
QkLtIZunaeS58rAOMCAwEAAaOCAXswggF3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDHi/
4JITDc5MCORoMV6+
Cookbook KBO Consult Web Services
Document: Cookbook KBO Consult Webservices vs1.10.2 nl.doc Versie 1.10.2
Opslagdatum 15/10/2008 10:49 9/65
HWVmYjtMB8GA1UdIwQYMBaAFIsPjyeA0pPXRl2RhLsumGKuBPHSMA4GA1UdDwEB/
wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZwGA1UdEQSBlDCBkYY3a
HR0cDovL3d3dy5yZWRpcmlzLmVzL3BraS9lZHVnYWluL2VlUmVzb2x2ZXI/
ZWU9YTNiMThjMYZWaHR0cDovL2VkdWdhaW4uZ2VhbnQubmV0L3Jlc29sdmVyP3Vybj11cm4l
M0FnZWFudCUzQWVkdWdhaW4lM0Fjb21wb25lbnQlM0FzcCUzQXRlc3QtYXMwQAYDVR0fBDkw
NzA1oDOgMYYvaHR0cDovL3d3dy5yZWRpcmlzLmVzL3BraS9lZHVnYWluL2NybC9jYWNybC5k
ZXIwFwYDVR0gBBAwDjAMBgorBgEEAbp7AgACMA0GCSqGSIb3DQEBBQUAA4IBAQAMj0taSdXv
60fFVI/djyqB47LqfhUMz1Ja0zKAjrZsS5H8SU+
D3ksOw0b6HR4BO21HFiYIHEB1UffEAgPqHhtcLT/
TJ5kiewKOqaHv5QcfgxFMolAiDUsB6i9bCrWdwJIqPePaDG7KHwcpmHB0vLwJihCpRBgdCqi
wz8i5VXdAmloMiEtnm1SU+1BfoTioi79/ZUhUBGPJb7GL20W3yyT9c4/
5JK5IKrRfXINlutqZgfUGXvyaxNh7Zgl3MpDaw8U5khl5ZSjcyfsBro2qQVMAJCcph1rwKNj
gX8MkTb4GYbUpcnVP7p089kz9OTOLteEzVTIi3VKKiykPWcUYlgwY
</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-11459550" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-excc14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-9800632">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
LPWm9mc4GbU1/+Zf9qK3Abw9GAQ=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ueCF0yGx7Nsda8a+PXkGi6cPBKcr/0ya+YWdkVezs+Rzwvk/++d0S4tl+oAU7zWBPo5f9PRsS8M9
CtzRh6RqMIMOorseStILW0do32w8YXGknVK76QH5+e1kVQqAGFHyMM5/mEQs/xXW5l0xiDoWPWfM
fTt4hqXv766A2jj3UrxYnKM/1x2qHF7OhydmsIiCasuUyHsQRd010xvpeedZ5kiwnEqQD1/sqDmf
WJ5gjs8aiqiVXoO1IYIm/VRHEoOkUmQp9zBBjtlj/aH2dFhxKrIrl4Fp5dsAbdA9iDNSesp7sDG6
Rgy/joFVJydp6Bolc8WjDf3r6WK+NDynT9F35g==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-12534898">
<wsse:SecurityTokenReference
wsu:Id="STRId-12160993"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-utility-1.0.xsd">
<wsse:Reference
URI="#CertId-16010509"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
Cookbook KBO Consult Web Services
Document: Cookbook KBO Consult Webservices vs1.10.2 nl.doc Versie 1.10.2
Opslagdatum 15/10/2008 10:49 10/65
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-9800632" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-wssecurity-utility-1.0.xsd">
<ent:cbeEntityRequest>
...
</ent:cbeEntityRequest>
</soapenv:Body>
</soapenv:Envelope>
I have to put a X.509v3 certificate in the soap request which i do trough the app.config
<binding name="WSConsultKBOSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"/>
<message clientCredentialType="Certificate" algorithmSuite="Default"/>
</security>
</binding>
and in the clientcredentials:
<clientCertificate findValue="mycertificate" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" />
when I try to use the service I get the error
"The private key is not present in the X.509 certificate."
Does this service really need a private key? (did i configure something wrong in the app.config) or do I need a certificate with a private key?
If that's the case, how can I assign a private key to my certificate?
As I can see, your process can't get access to the Private Key. First of all, I would recommend to check whether you have the Private Key at all. Go to the MMC and add the Certificates snap-in. Find your certificate and check the properties:
Make sure you have a private key notice (green-bordered)
If you have a private key, than, most likely, the user your process is running with/under just don't have access to that certificate store (for example, Local Service, etc.) Try to run the process (what's that actually: ASP.NET or WinForms?) under your account and check whether you can establish the connection.
I had similar a problem, make sure to import the .pfx (which you have the password) with the checkbox "MARK KEY AS EXPORTABLE" (in the import wizard), this will save the private key on the store.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With