
WCF: "The private key is not present in the X.509 certificate" error when connecting to SOAP service

I have to connect in .NET to a service which can be accessed with the following SOAP requests:

<soapenv:Header>
<wsse:Security
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-16010509"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
MIIElDCCA3ygAwIBAgIBQzANBgkqhkiG9w0BAQUFADBBMRMwEQYKCZImiZPyLGQBGRMDbmV0
MRUwEwYKCZImiZPyLGQBGRMFZ2VhbnQxEzARBgNVBAMTCmVkdUdBSU5TQ0EwHhcNMDcwNTI4
MDgxNjE2WhcNMDgwNTI3MDgxNjE2WjBbMRMwEQYKCZImiZPyLGQBGRYDbmV0MRUwEwYKCZIm
iZPyLGQBGRYFZ2VhbnQxEDAOBgNVBAoTB0ZlZElSSVMxGzAZBgNVBAMTEnRlc3QtYXMucmVk
aXJpcy5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQxCW2uup3EDvVgWlpO
luEAZ9g/gfp6iwaypIrgp/
uk3J3LNT4iAfBg4KscZT4KnY97wHzCRoU2Uqgr3Lgm14RXZgbIl1pDf0XZa9uHVx0A+Q+
hnFhNevCbM7Bcw5gBwBEXKRm2aYTlUxrEXYitcyChSqxSqZ/
0BWwSe92lYiQxfdYh8k5NWnXrmqiSW3nQHLWGxMNt2qP/f6ih8I2e+D3R97XuHLk/
XnhethUwNIYRGtoiuinOr1hFRft1SfO1fAJsAdGiO1ERDXRNHHnTGUXRL5jIHXHl3hEfHd7X
TDfpSFB1q3hx0vwL5nLb6n6YpxS5G/
QkLtIZunaeS58rAOMCAwEAAaOCAXswggF3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDHi/
4JITDc5MCORoMV6+
HWVmYjtMB8GA1UdIwQYMBaAFIsPjyeA0pPXRl2RhLsumGKuBPHSMA4GA1UdDwEB/
wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZwGA1UdEQSBlDCBkYY3a
HR0cDovL3d3dy5yZWRpcmlzLmVzL3BraS9lZHVnYWluL2VlUmVzb2x2ZXI/
ZWU9YTNiMThjMYZWaHR0cDovL2VkdWdhaW4uZ2VhbnQubmV0L3Jlc29sdmVyP3Vybj11cm4l
M0FnZWFudCUzQWVkdWdhaW4lM0Fjb21wb25lbnQlM0FzcCUzQXRlc3QtYXMwQAYDVR0fBDkw
NzA1oDOgMYYvaHR0cDovL3d3dy5yZWRpcmlzLmVzL3BraS9lZHVnYWluL2NybC9jYWNybC5k
ZXIwFwYDVR0gBBAwDjAMBgorBgEEAbp7AgACMA0GCSqGSIb3DQEBBQUAA4IBAQAMj0taSdXv
60fFVI/djyqB47LqfhUMz1Ja0zKAjrZsS5H8SU+
D3ksOw0b6HR4BO21HFiYIHEB1UffEAgPqHhtcLT/
TJ5kiewKOqaHv5QcfgxFMolAiDUsB6i9bCrWdwJIqPePaDG7KHwcpmHB0vLwJihCpRBgdCqi
wz8i5VXdAmloMiEtnm1SU+1BfoTioi79/ZUhUBGPJb7GL20W3yyT9c4/
5JK5IKrRfXINlutqZgfUGXvyaxNh7Zgl3MpDaw8U5khl5ZSjcyfsBro2qQVMAJCcph1rwKNj
gX8MkTb4GYbUpcnVP7p089kz9OTOLteEzVTIi3VKKiykPWcUYlgwY
</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-11459550" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-9800632">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
LPWm9mc4GbU1/+Zf9qK3Abw9GAQ=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ueCF0yGx7Nsda8a+PXkGi6cPBKcr/0ya+YWdkVezs+Rzwvk/++d0S4tl+oAU7zWBPo5f9PRsS8M9
CtzRh6RqMIMOorseStILW0do32w8YXGknVK76QH5+e1kVQqAGFHyMM5/mEQs/xXW5l0xiDoWPWfM
fTt4hqXv766A2jj3UrxYnKM/1x2qHF7OhydmsIiCasuUyHsQRd010xvpeedZ5kiwnEqQD1/sqDmf
WJ5gjs8aiqiVXoO1IYIm/VRHEoOkUmQp9zBBjtlj/aH2dFhxKrIrl4Fp5dsAbdA9iDNSesp7sDG6
Rgy/joFVJydp6Bolc8WjDf3r6WK+NDynT9F35g==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-12534898">
<wsse:SecurityTokenReference
wsu:Id="STRId-12160993"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference
URI="#CertId-16010509"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-9800632" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ent:cbeEntityRequest>
...
</ent:cbeEntityRequest>
</soapenv:Body>
</soapenv:Envelope>

I have to put an X.509v3 certificate in the SOAP request, which I do through the app.config:

<binding name="WSConsultKBOSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
     bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
     maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
     messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
     useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
       maxBytesPerRead="4096" maxNameTableCharCount="16384" />

  <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="None" proxyCredentialType="None"/>
    <message clientCredentialType="Certificate" algorithmSuite="Default"/>
  </security>
</binding>

and in the clientcredentials:

<clientCertificate findValue="mycertificate" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" />

When I try to use the service I get the error

"The private key is not present in the X.509 certificate."

Does this service really need a private key? (Did I configure something wrong in the app.config?) Or do I need a certificate with a private key?

If that's the case, how can I assign a private key to my certificate?

Michaël Laridon asked May 09 '12 17:05


2 Answers

As I can see, your process can't get access to the private key. First of all, I would recommend checking whether you have the private key at all. Go to the MMC and add the Certificates snap-in. Find your certificate and check the properties:

Make sure you have a private key notice (green-bordered)

If you have a private key, then, most likely, the user your process is running as just doesn't have access to that certificate store (for example, Local Service, etc.). Try to run the process (what is it actually: ASP.NET or WinForms?) under your account and check whether you can establish the connection.

Mikhail answered Nov 03 '22 00:11
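
A scripted form of the check described in the answer above, as an added example that is not part of the original question or answers: it repeats the `FindBySubjectName` lookup from the question's `<clientCertificate>` element and reports, for each match, whether a private key is linked and whether the current account can open it. The function name `Test-ClientCertPrivateKey` is hypothetical, and `GetRSAPrivateKey` assumes .NET Framework 4.6 or later.

```powershell
# Added example. Defaults are the findValue, storeName and storeLocation
# from the question's <clientCertificate> element.
function Test-ClientCertPrivateKey {
    param(
        [string]$SubjectName = 'mycertificate',
        [string]$StoreName   = 'TrustedPeople',
        [System.Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation = 'CurrentUser'
    )
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $StoreLocation)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        # Same lookup as x509FindType="FindBySubjectName": a substring match on the
        # subject name. validOnly = $false so expired certificates are listed too.
        $found = $store.Certificates.Find(
            [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName,
            $SubjectName, $false)
        foreach ($cert in $found) {
            $status = 'no private key: only the public certificate is in the store'
            if ($cert.HasPrivateKey) {
                try {
                    # HasPrivateKey only says a key container is linked. Opening the
                    # key shows whether this account is allowed to read it.
                    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                    if ($null -ne $rsa) { $status = 'private key present and readable' }
                    else { $status = 'private key present but not an RSA key' }
                } catch {
                    $status = "private key linked but not readable: $($_.Exception.Message)"
                }
            }
            [pscustomobject]@{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                Status        = $status
            }
        }
    } finally {
        $store.Close()
    }
}

# Run this as the account the WCF client runs under, since CurrentUser
# stores and key permissions are per account.
Test-ClientCertPrivateKey | Format-List
```

No output means the lookup matched nothing in that store for that account, which is a different failure from a certificate that is found without its key.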


I had a similar problem. Make sure to import the .pfx (for which you have the password) with the checkbox "MARK KEY AS EXPORTABLE" (in the import wizard); this will save the private key in the store.

Diego Iturriaga answered Nov 03 '22 00:11