Unable to connect to ASP.NET web service using web application

In this case web developer has created web application installed on IIS 7.5, and this web application was trying to access to asp.net web service which was requesting for client certificate for authentication. Client certificate was issued by publicly trusted certificate authorities. This certificate was installed in machine personal certificate store. Web application's pool identity was delegated access to the private key of the client certificate. During import of the client certificate all intermediate certification authorities were imported into machine personal store.
When the web application was trying to access the web service the following error was returned :
The remote server returned an error: (403) Forbidden.
For testing purposes same client certificate was imported into user's personal certificate store, and same web service was successfully accessed using web browser.

Tracing was enabled, and following lines were into log file:
.... 
System.Net Information: 0 : [4184] SecureChannel#45901694 - We have user-provided certificates. The server has specified 8 issuer(s). Looking for certificates that match any of the issuers.
System.Net Information: 0 : [4184] SecureChannel#45901694 - Left with 0 client certificates to choose from.
..... 

Finally, the resolution for this kind of behavior was to place intermediate certificate authorities certificates from machine personal store into Intermediate Certification Authorities store. After removing Intermediate Certification Authorities Certificates from machine personal store and installing them into Intermediate Certification Authorities Store, the web application was able to connect to the web service.

2 comments:

  1. Thank you for the information. I understand the setup for the web application and its access to the ASP.NET web service using a client certificate. https://www.animationliberty.com

    ReplyDelete
  2. If you're encountering issues with your web application connecting to a web service, it may be due to the intermediate certificate authorities certificates not being installed in the correct store. By cautiously moving these certificates to the Intermediate Certification Authorities store, you can resolve the issue and allow your web application to connect to the web service successfully. boats for sale abu dhabi

    ReplyDelete

How to check EMBG (Unique Master Citizen Number) using regex

In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo...