0

We have developed an ASP.NET web application that calls a web service to get data. Certificates are required to access the web service. Everything works when we start the application from Visual Studio, but it doesn't work when we publish the site on an IIS server.

What are the necessary settings to be made in IIS Manager to make it work? We have 3 certificates: one .pfx and two .cer root files.

tshepang
Denis Lazendić
  • Could you describe how you call the web service? Maybe add some example code. Also, please describe where and how you use the certificates (pfx, cer...) – pepo Apr 04 '14 at 08:32

2 Answers

1

When you run it from Visual Studio then you are running the application with your credentials. Even IIS Express runs under your credentials.

If you imported the certificates to the CurrentUser store, then you imported them to the store under your account. When you deploy an ASP.NET page to IIS, by default it runs under the DefaultAppPool user (IIS APPPOOL\DefaultAppPool). That user has a different certificate store and probably does not have any of these certificates in it.

Either import these certificates to the LocalMachine store (local computer store in mmc) and set permissions on the private key so that DefaultAppPool (or any other pool user that you have set) can access this private key, or import these certificates to the CurrentUser store of DefaultAppPool, or (the quick and not pretty way) set DefaultAppPool to use your account credentials.

I would personally go with the first option.

pepo
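One way to carry out the first option from the answer above, as an added example that is not part of the original answer. The file paths are placeholders, the key is assumed to be RSA, and placing the two .cer files in the machine Root store is an assumption based on the question calling them root files.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the IIS server. Paths below are placeholders, not real values.
$pfxPath   = 'C:\certs\client.pfx'                       # placeholder
$rootPaths = 'C:\certs\root1.cer', 'C:\certs\root2.cer'  # placeholders
$identity  = 'IIS APPPOOL\DefaultAppPool'                # pool identity from the answer

# 1. Client certificate with its private key -> Local Computer\Personal.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = Import-PfxCertificate -FilePath $pfxPath -Password $pfxPassword `
            -CertStoreLocation Cert:\LocalMachine\My

# 2. Root certificates -> Local Computer\Trusted Root Certification Authorities
#    (assumption: the .cer files are the issuing roots).
foreach ($path in $rootPaths) {
    Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

# 3. Find the private key file. The key may be exposed as a CNG or a legacy
#    CSP object, and the file may sit in either machine key folder.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName",
    "$env:ProgramData\Microsoft\Crypto\Keys\$keyName"
) | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Private key file for $($cert.Thumbprint) not found" }

# 4. Grant the app pool identity Read on the key file, nothing broader.
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# 5. Show the resulting entry so the grant can be confirmed.
(Get-Acl -Path $keyFile).Access |
    Where-Object { $_.IdentityReference.Value -eq $identity } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Once the certificates are in the machine store, a `storeLocation="CurrentUser"` lookup in web.config will not find them; the attribute would need to read `LocalMachine`.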
0

This is the code from web.config

<behaviors>
  <endpointBehaviors>
    <behavior name="Client2WaySSL">
      <clientCredentials>
        <clientCertificate findValue="CN=lsu.test.client.service.mup.hr" storeLocation="CurrentUser" />
        <serviceCertificate>
          <defaultCertificate findValue="CN=test.service.mup.hr" storeLocation="CurrentUser" storeName="TrustedPeople" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpBinding_MUP.LokalnaSamouprava.FizickaOsoba.WebServiceInterface">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
      </security>

    </binding>
    <binding name="BasicHttpBinding_MUP.LokalnaSamouprava.FizickaOsoba.WebServiceInterface1" />
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="https://lsu.test.service.mup.hr:9001/FizickaOsobaService.svc" binding="basicHttpBinding" behaviorConfiguration="Client2WaySSL" bindingConfiguration="BasicHttpBinding_MUP.LokalnaSamouprava.FizickaOsoba.WebServiceInterface" contract="MUPServis.MUPLokalnaSamoupravaFizickaOsobaWebServiceInterface" name="MUP.LokalnaSamouprava.FizickaOsoba.WebServicePort" />
</client>

We've installed the certificates through the MMC console.

Denis Lazendić