How do I solve the forbidden access issue? I'm accessing my service through a web reference, so there are no declarations in my code. Is there any set-up I have to include to make the certificate valid during connection?
My web service was set up using IIS binding and inbound and outbound in the firewall. For creating the certificate, I followed this link for creating a temporary client certificate.

Web Reference

This is my web.config

<?xml version="1.0"?>
<configuration>

  <connectionStrings>
    <add name="constring" providerName="System.Data.SqlClient" connectionString="Data Source = ip;Initial Catalog = db; User ID = user; Password = pass"/>
  </connectionStrings>

  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true"/>
  </appSettings>

  <system.web>
    <compilation debug="true" targetFramework="4.5" />
  </system.web>
  <system.serviceModel>
    <client>
      <endpoint behaviorConfiguration="ClientCertificateBehavior" 
        binding="basicHttpBinding"
        bindingConfiguration="SecureHttpsBinding" contract="IMetadataExchange" 
        name="https" />
    </client>
    <bindings> 
      <basicHttpBinding>
        <binding maxReceivedMessageSize="10485760" name="SecureHttpsBinding">
          <readerQuotas maxStringContentLength="10485760"></readerQuotas>
          <security mode="Transport">
            <transport clientCredentialType="Certificate"></transport>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

    <services>
      <service name="RBOSService.AccountService" behaviorConfiguration="ServiceBehavior">
        <endpoint address="" contract="RBOSService.IAccountService" binding="basicHttpBinding" bindingConfiguration="SecureHttpsBinding"/>
      </service>
      <service name="RBOSService.OrderService" behaviorConfiguration="ServiceBehavior">
        <endpoint address="" contract="RBOSService.IOrderService" binding="basicHttpBinding" bindingConfiguration="SecureHttpsBinding"/>
      </service>
    </services>

    <behaviors>
      <endpointBehaviors>
        <behavior name="ClientCertificateBehavior">
          <clientCredentials>
            <clientCertificate findValue="CN=tempClientcertCN" 
              storeLocation="LocalMachine"
              storeName="My" 
              x509FindType="FindBySubjectDistinguishedName" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"
      multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>    
</configuration>

I also added this code for trustIssue inside OnCreate()

System.Net.ServicePointManager.ServerCertificateValidationCallback += (o, certificate, chain, errors) => true;

and after requesting webService, I got an exception regarding forbidden.

userAccount = requestAccessService.sendRequestAccess(userRequest, ref response);

This is the full exception message

{System.Net.WebException: The request failed with HTTP status 403: Forbidden
  at System.Web.Services.Protocols.SoapHttpClientProtocol.ReceiveResponse (System.Net.WebResponse response, System.Web.Services.Protocols.SoapClientMessage message, System.Web.Services.Protocols.SoapExtension[] extensions) [0x00054] in <6f1079230fce4308ba6b44c62385411f>:0 
  at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke (System.String method_name, System.Object[] parameters) [0x000ad] in <6f1079230fce4308ba6b44c62385411f>:0 
  at BusinessLogic.RequestAccessWebService.RequestAccessService.sendRequestAccess (BusinessLogic.RequestAccessWebService.UserRequestBO userRequest, System.String& response) [0x00001] in D:\files\jeys\H2 software\GitLab\RBOS_Release_1\RBOS Mobile\RBOS 2.0.4 - base - Merged 0620\BusinessLogic\Web References\RequestAccessWebService\Reference.cs:123 
  at (wrapper remoting-invoke-with-check) BusinessLogic.RequestAccessWebService.RequestAccessService:sendRequestAccess (BusinessLogic.RequestAccessWebService.UserRequestBO,string&)
  at RBOS_2._0._1.RequestAccess.backgroundService (System.Object sender, System.ComponentModel.DoWorkEventArgs ev) [0x00131] in D:\files\jeys\H2 software\GitLab\RBOS_Release_1\RBOS Mobile\RBOS 2.0.4 - base - Merged 0620\RBOS 2.0.1\Activities\RequestAccess.cs:184 }

If there are any questions, feel free to comment. Thanks for help.

jace
  • Does it matter if the certificate is self-signed or bought? – jace Oct 27 '17 at 03:39
  • Are you able to call that service some other way than via Xamarin? (e.g. using the Postman plugin for Chrome). That 403 response usually means that the request got to the web server OK, but the user does not have permission to perform that action. I'd expect a different error response for a bad certificate. I'd suggest it would be worth checking the logs (both IIS logs and application logs) and Event Viewer on your server. – GregHNZ Oct 27 '17 at 04:10
  • Yes, I can call it in the Chrome browser. But I'm having a problem in Visual Studio - Xamarin when calling it. When I set up the SSL settings to require SSL, VS Xamarin is giving me an error of HTTP 403: Forbidden in the web reference. So I just set it up to accept or none. Right now it's a success on the web reference, but when calling the method inside the service it still says forbidden. On basic HTTP, all is good, but with HTTPS I am now having so many problems. All problems are in VS Xamarin because I'm good in browser access of the service. – jace Oct 27 '17 at 05:07
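
An added example, not part of the original question or its comments: a web-reference proxy (`SoapHttpClientProtocol`) does not read the `<clientCredentials>` behaviour under `system.serviceModel`, so a client certificate has to be attached to the proxy in code, and the accept-everything `ServerCertificateValidationCallback` can be replaced with a pin on the server certificate. The class name `ServiceTls`, the thumbprint placeholder and the `pfxBytes`/`pfxPassword` parameters are assumptions; how the PFX reaches the device is left to the application.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Web.Services.Protocols;

// Hypothetical helper class; none of these names come from the original post.
static class ServiceTls
{
    // Placeholder: thumbprint of the server certificate, hex without spaces.
    const string PinnedServerThumbprint = "<SERVER-CERT-THUMBPRINT>";

    // Call once at startup instead of the "(o, certificate, chain, errors) => true" callback.
    public static void InstallServerPin()
    {
        ServicePointManager.ServerCertificateValidationCallback = ValidateServer;
    }

    static bool ValidateServer(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that chains to a trusted root and matches the host name passes as usual.
        if (errors == SslPolicyErrors.None) return true;

        // Name mismatches and missing certificates are never accepted.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        // A chain error alone (e.g. a self-signed test certificate) is accepted
        // only when the certificate is exactly the pinned one.
        string thumbprint = new X509Certificate2(cert).Thumbprint;
        return string.Equals(thumbprint, PinnedServerThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Attach the client certificate to a generated web-reference proxy,
    // e.g. ServiceTls.AttachClientCertificate(requestAccessService, pfxBytes, pfxPassword);
    public static void AttachClientCertificate(HttpWebClientProtocol proxy,
                                               byte[] pfxBytes, string pfxPassword)
    {
        var clientCert = new X509Certificate2(pfxBytes, pfxPassword);

        // TLS client authentication needs the private key, not just the public certificate.
        if (!clientCert.HasPrivateKey)
            throw new InvalidOperationException("Client certificate has no private key.");

        proxy.ClientCertificates.Add(clientCert);
    }
}
```

On the server side, IIS logs a 403 with sub-status 7 when a site requires a client certificate and the request carries none, and sub-status 16 when the presented certificate is not trusted, so the `sc-substatus` column in the IIS log distinguishes the two cases.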

0 Answers