0

I have a scenario where I want to consume a Webservice from a different server within our corporate network using JQuery. My origin application is an ASP.NET Website running on IIS 7.5, the Webservice is running on an SAP Netweaver Gateway, so no Chance to allow my IIS host there or to use JSONP.

The problem is that I run into the CORS issue, so I installed ARR on my IIS machine and tried to do a rewrite url and use my IIS to consume the remote Webservice. But the problem is, that the target Webservice requires Certificate authentication and it seems that this is not supported by ARR. Am I correct?

Any help is appreciated, Oliver

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
user3767106
  • 63
  • 8

1 Answers1

0

I have had a similar issue, in my first try I had both my application and ARR running on the same box and this was causing the Application's Authentication module to start first before ARR and was messing up the things, I found success when I had both of them run on different boxes. Below link helped me

http://blogs.msdn.com/b/asiatech/archive/2014/01/28/configuring-arr-with-client-certificate.aspx

Anirudh Goel
  • 4,571
  • 19
  • 79
  • 109
  • Thanks, but that does not help as this is just a way of adding the original client certificate to a custom header. So the backend has to request this custom header to be able to see the client cert. But as my Backend is a SAP Netweaver Gateway, there is no way to tell it to request the client cert through the custom header. – user3767106 Nov 27 '14 at 14:00
  • no it does, additionally what you need to do is setup a site on the ARR Box and configure it's ssl settings for SSLNegotiateCert or SslRequireCert, thus when the user hits the site, ARR will prompt the user to provide a client auth cert. further you setup a urlrewrite rule to forward the request to the netweaver box along with the client cert and you can perform auth using a custom httpmodule – Anirudh Goel Nov 28 '14 at 18:38
  • 1
    Sure, I did set up a site on the ARR Box and set it to SSL required. BUT, as stated on the site you've posted, then the backend server, in my case the netweaver box, must NOT be also requiring a client certificate (but it does), as you then get an 502 error. The way I descibed, ARR adding the client certificate to a speciel header and forward it does not help me, as I cannot change the way the netweaver box authenticates, so I cannot make it request the custom header. – user3767106 Nov 29 '14 at 20:06
  • I don't know if IIS Url rewrite/ARR or similar can handle this scenario WITHOUT requiring back-end server customizations.. In all of the documentations and pages I read the reverse proxy was used to "mask" a backend server which didn't have client cert requirements.. or, if it did, was configurable by the proxy owner. I fear that if you don't own the backend box or cannot change it to handle an header with the client cert, there are few chances.. – Luke May 11 '17 at 16:08
  • even though I would like it was possible to -at least- specify a fixed client cert to send to the backend machine.. but I still didn't find a way to get to this using IIS.. – Luke May 11 '17 at 16:09