Java service and c# client https

John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
Hi,
I probably touched this in another thread but...
I have a JAX-WS Java web service on Tomcat via HTTPS.
I have a self-signed certificate and can access the WSDL via a web browser.
How do I write a C# client to access this web service via HTTPS (it already accesses it via HTTP)?

Thanks,
John.
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
If you have the service available via HTTPS via Tomcat, are you stating that you have a C# client application that can access the service via HTTP?

What is the URL that is in the WSDL file for the service? Please post.
[ December 09, 2008: Message edited by: James Clark ]
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2922
    
Originally posted by John Landon:
Hi,
I probably touched this in another thread but...


JaxWs https and certificates

Have you tried to install the server certificate in the Windows Certificate Store of the client machine with the Certification Manager Microsoft Management Console snap-in (certmgr.msc)?
John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
Originally posted by James Clark:
If you have the service available via HTTPS via Tomcat, are you stating that you have a C# client application that can access the service via HTTP?

What is the URL that is in the WSDL file for the service? Please post.

[ December 09, 2008: Message edited by: James Clark ]


https://localhost:8443/services/WebService
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
Thanks. Not sure if you are using a C# IDE or not. Either way, you first need to create a proxy for the web service. There is a .NET utility program called wsdl.exe which will do this for you. Once you have code for the web service proxy, you then need to create a DLL file, which is then available for any client applications to use.

Good luck!
John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
Originally posted by James Clark:
Thanks. Not sure if you are using a C# IDE or not. Either way, you first need to create a proxy for the web service. There is a .NET utility program called wsdl.exe which will do this for you. Once you have code for the web service proxy, you then need to create a DLL file, which is then available for any client applications to use.

Good luck!


I did all that. I created the stub and that's how I access the http but for https it doesn't work.
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
If you are hosting the service with a HTTP URL and created a proxy for the HTTP URL, then the proxy will not work for a HTTPS URL.

If you are hosting the service with a HTTPS URL and created a proxy for the HTTP URL, then the proxy will not work for the HTTPS URL.
[ December 10, 2008: Message edited by: James Clark ]
John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
Originally posted by James Clark:
If you are hosting the service with a HTTP URL and created a proxy for the HTTP URL, then the proxy will not work for a HTTPS URL.

If you are hosting the service with a HTTPS URL and created a proxy for the HTTP URL, then the proxy will not work for the HTTPS URL.

[ December 10, 2008: Message edited by: James Clark ]

here is the whole story:
web page
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
That is a big story

Either way, HTTPS is not really a good way to secure access to a web service. This is a transport-level security measure where everything is encrypted. This "blanket" encryption may work for a limited implementation with only two applications. It will not work when there are multiple parties or more complex security requirements.

Message-level security (as opposed to transport-level security) is the better option and enables the flexibility and agility benefits of the web service paradigm. With this approach, different parts of a message can be protected differently and securely processed by multiple parties/intermediaries.

For more information, check out the WS-Security, XML Encryption, and XML Signature standards.

Good luck!
[ December 10, 2008: Message edited by: James Clark ]
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2922
    
Support Certificates In Your Applications With The .NET Framework 2.0

SSL Support
The SSL authentication protocol relies on certificates. Support for SSL in the .NET Framework consists of two parts. The special (but most widely used) case of SSL over HTTP is implemented by the HttpWebRequest class (this is also ultimately used for Web service client proxies). To enable SSL, you don't have to do anything special besides specify a URL that uses the https: protocol.
When connecting to an SSL secured endpoint, the server certificate is validated on the client ...

Web Service Security
The WS-Security standard specifies client and server authentication and secure communication using certificates. Toolkits like the Web Services Enhancements (WSE) for the .NET Framework and technologies like the Windows Communication Foundation fully support this. Again, this boils down to supplying a certificate either in code or through configuration. The following snippet shows how to add a client certificate to a Web service proxy using WSE3:
...
With Windows Communication Foundation, you typically provide a reference to a certificate store in a configuration file (see Figure 8). As you can see, all configuration attributes map directly to the enums used earlier in code.
...

[ December 10, 2008: Message edited by: Peer Reynders ]
John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
SSL Support
The SSL authentication protocol relies on certificates. Support for SSL in the .NET Framework consists of two parts. The special (but most widely used) case of SSL over HTTP is implemented by the HttpWebRequest class (this is also ultimately used for Web service client proxies). To enable SSL, you don't have to do anything special besides specify a URL that uses the https: protocol.
When connecting to an SSL secured endpoint, the server certificate is validated on the client ...


Yes but it just doesn't work.
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2922
    
Originally posted by John Landon:
Yes but it just doesn't work.


Originally posted by John Landon:
I have a self-signed certificate and can access the WSDL via a web browser.


The self-signed certificate may be part of the problem. Browsers accept countless server certificates because the certificates are signed by a trusted certifying authority (Verisign, Thawte, etc). A self-signed certificate doesn't have that credibility. This is the reason why you have to import the certificate into the client's certificate store - it's a way of saying "yes, I trust the server with this certificate".

Does the browser report a warning when you access the WSDL via https (port (8)443)?

Did the warning appear only the first time or does it happen every time you access the https-WSDL?

Which browser are you using?

Some versions of the .NET framework and Internet Explorer may share the same certificate store - just don't count on it. I also do not know whether Firefox (or any other third party browser) uses the Windows Certificate Store or whether it keeps its own certificate store. So you have to make sure with the Certificate Manager Microsoft Management Console snap-in (certmgr.msc) that the server certificate is in fact in the client store. That is the only way that the .NET client will establish an HTTP connection over SSL/TLS - otherwise it errors out because of the fact that the certificate isn't signed by a trusted certifying authority (which may indicate that it is connecting with a rogue web site).

Also take into account that earlier releases of the .NET framework and WSE (now assimilated by the WCF) may not be quite as "smooth" in their operation.

To get this problem under control you may have to expose a static HTML page through https on your server and make a simple C# client that uses System.Net.HttpWebRequest to retrieve the page's HTML.

Fetching Web Pages with HTTP
You can use System.Net.ServicePointManager.ServerCertificateValidationCallback to determine whether the client is rejecting the server certificate (as a diagnostic tool - not a remedy).

Once you have figured out the appropriate client (certificate store) configuration you can try your web services client.

Isn't interoperability fun?
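
A minimal version of the diagnostic client described in the post above, as an added example that is not part of the thread: it fetches a page over HTTPS with HttpWebRequest and logs what certificate validation reports, while returning the framework's own verdict so a rejected certificate stays rejected. The URL of the static test page is an assumption.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class HttpsDiagnostic
{
    // Logs why validation failed; the framework's decision is passed through unchanged.
    static bool LogValidation(object sender, X509Certificate certificate,
                              X509Chain chain, SslPolicyErrors errors)
    {
        if (certificate != null)
        {
            Console.WriteLine("Subject : " + certificate.Subject);
            Console.WriteLine("Issuer  : " + certificate.Issuer);
        }
        Console.WriteLine("Errors  : " + errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain : " + s.Status + " - " + s.StatusInformation.Trim());
        return errors == SslPolicyErrors.None;   // diagnostic only: never accept on error
    }

    static void Main(string[] args)
    {
        // Assumed test URL: a static page served by the same Tomcat HTTPS connector.
        string url = args.Length > 0 ? args[0] : "https://localhost:8443/index.html";
        ServicePointManager.ServerCertificateValidationCallback = LogValidation;
        try
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
            {
                Console.WriteLine("HTTP " + (int)response.StatusCode);
                Console.WriteLine(reader.ReadToEnd());
            }
        }
        catch (WebException ex)
        {
            // TrustFailure means the certificate was rejected, not that the service is down.
            Console.WriteLine("Request failed: " + ex.Status + " - " + ex.Message);
        }
    }
}
```

A `RemoteCertificateNameMismatch` error means the name in the certificate does not match the host in the URL, which installing the certificate into a store does not fix.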
John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
Yes the browser does ask me if I trust this certificate and I have to say yes. The question is how do I say yes in the code?
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2922
    
Originally posted by John Landon:
Yes the browser does ask me if I trust this certificate and I have to say yes. The question is how do I say yes in the code?


You don't. Try the following:

On the Windows client machine open Windows Explorer.
Find the "tomcat.certificate" that you generated and rename it "tomcat.cer".
Now right-click the "tomcat.cer". You should get an "Install Certificate" option in the context menu.
Click on "Install Certificate" and run through the Certificate Import Wizard (Hopefully it will know where to put it).

If all goes well, fire up Internet Explorer and navigate to the https-WSDL - does it still ask?

If it doesn't ask - go fire up the C# client that uses the https endpoint. If both IE and the .NET Framework use the same certificate store then that client may work now.
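
The import steps in the post above can also be done from code; this is an added example, not code from the thread. It assumes the server certificate has been exported as an X.509 file named tomcat.cer (the name used above) and installs it only into the current user's Trusted Root store.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class TrustServerCertificate
{
    static int Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : "tomcat.cer";   // assumed file name
        X509Certificate2 cert;
        try
        {
            // Throws if the file is not an X.509 certificate (DER or Base64),
            // for example when it is the Java keystore itself.
            cert = new X509Certificate2(path);
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("Not a usable certificate file: " + ex.Message);
            return 1;
        }

        Console.WriteLine("Subject    : " + cert.Subject);
        Console.WriteLine("Issuer     : " + cert.Issuer);
        Console.WriteLine("Valid      : " + cert.NotBefore + " to " + cert.NotAfter);
        // Compare with the SHA-1 fingerprint that keytool -list -v prints on the server.
        Console.WriteLine("Thumbprint : " + cert.Thumbprint);

        if (cert.Subject != cert.Issuer)
        {
            Console.WriteLine("Not self-signed: trust its issuing CA instead of this certificate.");
            return 2;
        }

        // CurrentUser scope keeps the trust decision to this account, not the whole machine.
        X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            bool present = store.Certificates
                .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
            if (!present) store.Add(cert);   // Windows asks the user to confirm a new root
            Console.WriteLine(present ? "Already trusted." : "Added to CurrentUser\\Root.");
        }
        finally { store.Close(); }
        return 0;
    }
}
```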
John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
Originally posted by Peer Reynders:


You don't. Try the following:

On the Windows client machine open Windows Explorer.
Find the "tomcat.certificate" that you generated and rename it "tomcat.cer".
Now right-click the "tomcat.cer". You should get an "Install Certificate" option in the context menu.
Click on "Install Certificate" and run through the Certificate Import Wizard (Hopefully it will know where to put it).

If all goes well, fire up Internet Explorer and navigate to the https-WSDL - does it still ask?

If it doesn't ask - go fire up the C# client that uses the https endpoint. If both IE and the .NET Framework use the same certificate store then that client may work now.

Tried. It says that the file is invalid to use as a certificate.
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2922
    
I was afraid of that. It denies the certificate because it wasn't issued by a trusted certifying authority.

Basically you have to set yourself up as a "miniature signing authority" in the certificate store for the certificate to be accepted.

This is alluded to in keytool.exe : Java Glossary. However I haven't been able to locate an equivalent Windows/.NET discussion.

I guess this is where most people give up and simply buy a certificate from a legitimate signing authority.
 