Thursday, February 28, 2013

Unable to connect to ASP.NET web service using web application

In this case web developer has created web application installed on IIS 7.5, and this web application was trying to access to asp.net web service which was requesting for client certificate for authentication. Client certificate was issued by publicly trusted certificate authorities. This certificate was installed in machine personal certificate store. Web application's pool identity was delegated access to the private key of the client certificate. During import of the client certificate all intermediate certification authorities were imported into machine personal store.
When the web application was trying to access the web service the following error was returned :
The remote server returned an error: (403) Forbidden.
For testing purposes same client certificate was imported into user's personal certificate store, and same web service was successfully accessed using web browser.

Tracing was enabled, and following lines were into log file:
.... 
System.Net Information: 0 : [4184] SecureChannel#45901694 - We have user-provided certificates. The server has specified 8 issuer(s). Looking for certificates that match any of the issuers.
System.Net Information: 0 : [4184] SecureChannel#45901694 - Left with 0 client certificates to choose from.
..... 

Finally, the resolution for this kind of behavior was to place intermediate certificate authorities certificates from machine personal store into Intermediate Certification Authorities store. After removing Intermediate Certification Authorities Certificates from machine personal store and installing them into Intermediate Certification Authorities Store, the web application was able to connect to the web service.

No comments:

Post a Comment