I must consume a PHP webservice which has a SSL certificate. My .net 3.5 Class library references the webservice with 'Add Service references' in Visualstudio 2010 (WCF right?).
When calling the main method of the webservice I receive;
Could not establish secure channel for SSL/TLS with authority '{base_url_of_WS}'.
I tried a lot, like
System.Net.ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult);
public bool CheckValidationResult(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
But It wouldn't work. Also I have the certificate installed on my own machine.
*Extra info; When I use the wsdl location in 'Add service reference' the same error occurs. Before I tried it, I worked with a static wsdl.
This question is related to
.net
wcf
web-services
ssl
https
Had same error with code:
X509Certificate2 mycert = new X509Certificate2(@"C:\certificate.crt");
Solved by adding password:
X509Certificate2 mycert = new X509Certificate2(@"C:\certificate.crt", "password");
Problem
I was running into the same error message while calling a third party API from my ASP.NET Core MVC project.
Could not establish secure channel for SSL/TLS with authority '{base_url_of_WS}'.
Solution
It turned out that the third party API's server required TLS 1.2. To resolve this issue, I added the following line of code to my controller's constructor:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
In case it helps anyone else, using the new Microsoft Web Service Reference Provider tool, which is for .NET Standard and .NET Core, I had to add the following lines to the binding definition as below:
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport = new HttpTransportSecurity{ClientCredentialType = HttpClientCredentialType.Certificate};
This is effectively the same as Micha's answer but in code as there is no config file.
So to incorporate the binding with the instantiation of the web service I did this:
System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding();
binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Certificate;
var client = new WebServiceClient(binding, GetWebServiceEndpointAddress());
Where WebServiceClient is the proper name of your web service as you defined it.
This error can occur for lots of reasons, and the last time, I solved it by modifying the Reference.svcmap
file, and changing how the WSDL file is referenced.
Throwing exception:
<MetadataSource Address="C:\Users\Me\Repo\Service.wsdl" Protocol="file" SourceId="1" />
<MetadataFile FileName="Service.wsdl" ... SourceUrl="file:///C:/Users/Me/Repo/Service.wsdl" />
Working fine:
<MetadataSource Address="https://server.domain/path/Service.wsdl" Protocol="http" SourceId="1" />
<MetadataFile FileName="Service.wsdl" ... SourceUrl="https://server.domain/path/Service.wsdl" />
This seems weird, but I have reproduced it. This was in a console application on .NET 4.5 and 4.7, as well as a .NET WebAPI site on 4.7.
We had this issue on a new webserver from .aspx pages calling a webservice. We had not given permission to the app pool user to the machine certificate. The issue was fixed after we granted permission to the app pool user.
Here is what fixed for me:
1) Make sure you are running Visual Studio as Administrator
2) Install and run winhttpcertcfg.exe to grant access
https://msdn.microsoft.com/en-us/library/windows/desktop/aa384088(v=vs.85).aspx
The command is similar to below: (enter your certificate subject and service name)
winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "certificate subject" -a "NetworkService"
winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "certificate subject" -a "LOCAL SERVICE"
winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "certificate subject" -a "My Apps Service Account"
Ensure you run Visual Studio as an administrator.
This was exact the problem I was facing. At some other article I got a hint to change the configuration. For me this works:
<bindings>
<basicHttpBinding>
<binding name="xxxBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Source: Stackoverflow.com