0

I currently have an application developed in C# that helps me manage permissions on our SharePoint 2013 site. Recently, I learned we may be losing our local instance and moving to another instance that's behind a CAC-enforced IIS. I have converted one of my test sites to require certificates and have tried several ways to send the cert to the IIS server, but I still get

"The remote server returned an error: (403) Forbidden."

Below are a few things I have tried.

var handler = new WebRequestHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Automatic;
handler.ClientCertificates.Add(pki.GetClientCertificate());

handler.UseProxy = false;

using (var client = new HttpClient(handler))
{
  // context connection code here
}

pki.GetClientCertificate is a method I made that returns a selected certificate, in this case my CAC cert. It's funny that SharePoint Designer connects without issue or prompt. Any help on this matter would be much appreciated.

Just to add some more things I have tried

context.Credentials = new SharePointOnlineCredentials(uli.username, uli.password);

The uli username is the certificate converted to a username; I have a class that does the conversion. The password is the PIN converted to a secure string. I get the same message even when adding the credentials to the context.

1 Answer

0

I found a workable but slow solution here:

http://sharepoint.findincity.net/view/635399286724222582121618/ssl-certificate-error-when-using-client-object-model

The only issue with this is that every time I call the context I have to send the certificate chain. One thing I changed from this user's code is the following.

static void context_ExecutingWebRequest(object sender, WebRequestEventArgs e)
{
    // Open the current user's personal certificate store read-only.
    var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

    HttpWebRequest webReq = e.WebRequestExecutor.WebRequest;
    //webReq.Proxy = new WebProxy("http://[ProxyAddress]");
    //Specify a proxy address if you need to
    // X509Certificate cert = pki.GetClientCertificate();

    // Attach every certificate in the store to the outgoing request.
    foreach (X509Certificate c in store.Certificates)
    {
        webReq.ClientCertificates.Add(c);
    }
    store.Close();
}

I just dumped all my certificates into the request because I didn't want to have a prompt every time I clicked something. So if anyone has a more efficient way to do this let me know.

The code below shows the use of the ClientContext and how it validates your cert:

using (context = new ClientContext(siteurl))
{
    // This callback returns true for every server certificate, so server
    // certificate errors are ignored for all requests in the process.
    ServicePointManager.ServerCertificateValidationCallback = delegate(object sender1, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        bool validationResult = true;
        return validationResult;
    };
    context.ExecutingWebRequest += new EventHandler<WebRequestEventArgs>(context_ExecutingWebRequest);

    //add all your context commands below this line
}
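
A narrower variant of the handler above, as an added example that is not part of the original answer: it looks up one client-authentication certificate once, reuses it on every request, and accepts the server only when its certificate chain validates. The class and method names (CacClientContext, SelectClientCertificate, Create) are hypothetical; it assumes .NET Framework 4.5 or later for the per-request validation callback, and that the first matching certificate is the one the server accepts.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.SharePoint.Client;

static class CacClientContext // hypothetical helper, not from the original post
{
    const string ClientAuthEku = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth OID

    // Pick one time-valid certificate that has a private key and matches the
    // Client Authentication application policy, instead of every cert in the store.
    public static X509Certificate2 SelectClientCertificate()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            return store.Certificates
                .Find(X509FindType.FindByTimeValid, DateTime.Now, false)
                .Find(X509FindType.FindByApplicationPolicy, ClientAuthEku, false)
                .Cast<X509Certificate2>()
                .FirstOrDefault(c => c.HasPrivateKey);
        }
        finally { store.Close(); }
    }

    // Look the certificate up once and reuse it for every request the context sends.
    public static ClientContext Create(string siteUrl)
    {
        X509Certificate2 cert = SelectClientCertificate();
        if (cert == null)
            throw new InvalidOperationException("No usable client certificate found.");

        var context = new ClientContext(siteUrl);
        context.ExecutingWebRequest += (sender, e) =>
        {
            HttpWebRequest webReq = e.WebRequestExecutor.WebRequest;
            webReq.ClientCertificates.Add(cert);
            // Scoped to this request: reject the server unless its chain validated cleanly.
            webReq.ServerCertificateValidationCallback =
                (s, serverCert, chain, errors) => errors == SslPolicyErrors.None;
        };
        return context;
    }
}
```

If the server's certificate fails validation with this in place, the fix is to trust its issuing CA on the client rather than to return true from the callback.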