Hi, I have a problem. I use an X509 certificate to call an ASMX web service. The communication scenario is:
The client picks an X509 certificate from the certificate store, adds it to the proxy object and calls the method CreateConnection on the web service side. The client code is here:
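/// <summary>
/// Click handler: lets the user pick a client certificate, attaches it to the
/// web service proxy and calls CreateConnection over HTTPS.
/// </summary>
private void button1_Click(object sender, EventArgs e)
{
    // Certificate chosen by the user from the CurrentUser\My store.
    X509Certificate2 cert = new X509Certificate2(PickCertificate(StoreLocation.CurrentUser, StoreName.My));

    // SSL
    obj.Url = "https://test/WebService/service1.asmx";

    // The same proxy instance is used for every click, so Add() alone keeps
    // piling certificates into the collection and the first one stays in it.
    // Clear it so that only the certificate picked for this call is offered.
    obj.ClientCertificates.Clear();
    obj.ClientCertificates.Add(cert);

    // NOTE(review): even with a single certificate in the collection, the HTTP
    // stack may reuse an already authenticated keep-alive TLS connection, in
    // which case the server keeps seeing the certificate from the first
    // handshake. If obj derives from WebClientProtocol, giving each certificate
    // its own ConnectionGroupName (for example the thumbprint) keeps those
    // connections apart. Confirm against the generated proxy type.
    obj.CreateConnection();
}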
2.1) On the web service side, the X509 certificate is extracted from Context.
2.2) The web method CreateConnection calls my own object SecureUtility, which writes data from the X509 certificate to the SQL database.
The problem is: I call the web method CreateConnection with certificate people1, and the correct data from certificate people1 is written to the database.
Then I call the web method from the same instance of the application with certificate people2, and the wrong data is written to the database: the data from certificate people1.
Then I call the web method from the same instance of the application with certificate people3, and again the wrong data is written to the database: the data from certificate people1.
I checked the certificate data on the client side, and it is correct.
But on the web service side the certificate data is the same (from the first certificate) for the whole time of the communication.
Can somebody help me? I don't know where the problem could be. :( I have tried everything, but I can't solve my problem.
Here is my code:
This is the web method that I call from the client. It extracts the X509 certificate from the context and calls the method CreateUser on my object SecureUtility. The method CreateUser writes the data to the SQL database.
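/// <summary>
/// Reads the client certificate of the current HTTPS request, has SecureUtility
/// validate and record it, and returns a new ticket in the outgoing
/// "Ticket" SOAP header.
/// </summary>
/// <param name="publicClientKey">Not used by this method body.</param>
/// <exception cref="System.ArgumentException">
/// Wraps any failure; the original exception is kept as InnerException.
/// </exception>
[WebMethod]
[SoapHeader("Ticket", Direction = SoapHeaderDirection.Out)]
public void CreateConnection(string publicClientKey)
{
    try
    {
        // Refuse requests that carry no client certificate instead of building
        // an X509Certificate2 from an empty buffer.
        if (!Context.Request.ClientCertificate.IsPresent)
        {
            throw new System.Security.SecurityException("No client certificate was presented.");
        }

        // Certificate as seen by the server for this request's TLS connection.
        X509Certificate2 cert = new X509Certificate2(Context.Request.ClientCertificate.Certificate);

        // SecureUtility verifies the certificate and writes its subject to the database.
        SecureUtility secureUtil = new SecureUtility();
        secureUtil.CreateUser(cert);

        // NOTE(review): the ticket is kept in application-wide state and nothing
        // visible here expires or removes it. Confirm tickets are cleaned up
        // and cannot be guessed.
        TicketIdentity ticket = new TicketIdentity(secureUtil.GetGuid());
        Application[ticket.Ticket] = ticket;
        Ticket = new TicketHeader(ticket.Ticket);
    }
    catch (Exception ex)
    {
        // ArgumentException has no constructor taking an Exception; pass the
        // message and keep the original as the inner exception.
        // NOTE(review): this also reports certificate rejections as
        // ArgumentException, and how much of the message reaches the SOAP client
        // depends on the service's error configuration.
        throw new System.ArgumentException(ex.Message, ex);
    }
}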
This is my class SecureUtility:
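/// <summary>
/// Validates a client certificate and records its subject in the
/// ConnectionTable table of the login database.
/// </summary>
public class SecureUtility
{
    /// <summary>
    /// Verifies the certificate and, if it passes, stores its subject.
    /// </summary>
    /// <param name="cert">Client certificate taken from the request.</param>
    /// <exception cref="ArgumentNullException">cert is null.</exception>
    /// <exception cref="SecurityException">The certificate fails verification.</exception>
    public void CreateUser(X509Certificate2 cert)
    {
        if (cert == null)
        {
            throw new ArgumentNullException("cert");
        }

        // Verify() runs X.509 chain validation with the basic policy. It does
        // not decide whether this particular subject may use the service; that
        // authorization check has to happen separately.
        if (!cert.Verify())
        {
            throw new SecurityException("Bad cert");
        }

        // cert.Subject is the full subject distinguished name, not only the
        // common name. It is passed as an argument instead of being parked in
        // an instance field, so no stale value can survive a failed call.
        WriteUserData(cert.Subject);
    }

    /// <summary>
    /// Inserts the given subject string into ConnectionTable.
    /// </summary>
    /// <param name="subject">Certificate subject to store.</param>
    private void WriteUserData(string subject)
    {
        const string sql = "Insert into ConnectionTable (Subject)"
            + "VALUES(@subject);";

        // using disposes the connection and the command even when Open() or
        // ExecuteNonQuery() throws. The previous finally block called Close()
        // before its null check and never disposed the command.
        using (SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS; Integrated Security=True;" +
            @"AttachDbFilename=|DataDirectory|\LoginDatabase.mdf;"))
        using (SqlCommand cmdIns = new SqlCommand(sql, conn))
        {
            // SqlDbType selects the (name, type) constructor. Passing a DbType
            // there binds to the (name, value) overload instead.
            SqlParameter subjectParam = new SqlParameter("@subject", SqlDbType.NVarChar);
            subjectParam.Value = subject;
            cmdIns.Parameters.Add(subjectParam);

            conn.Open();
            cmdIns.ExecuteNonQuery();
        }
    }
}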