Thank god, finally I've found a solution after a long research, googling/binging and hard work. Just a recap: third party web service (coded in Java) with X509 SecurityToken HTTPS certificate, consumed in .NET.
Yes, we can consume the above service using the old technology WSE 2.0 / WSE 3.0 (Web Services Enhancements), or the latest using WCF. I've just tried using WSE 2.0 and it's working as expected, but with error code "WSE464: No policy could be found for this message"; still, I am able to see the response in the try..catch block and decrypt the XML response message appropriately.
Steps followed
1. Install the client-given certificate (.pfx).
2. Open Microsoft Management Console (MMC): in the Run command type mmc → Enter.
   a. File → Add/Remove Snap-in → Select Certificates in the list box → Click Add → Select My Current User → Finish → Click OK.
   b. Select Trusted Root Certification → Expand it → Select Certificates → Right click on Certificates → Select All Tasks → Import → Select your certificate location and finish the wizard.
3. Repeat Step 2 for Local Machine (Local Computer).
4. Install Microsoft WSE (Web Services Enhancements) 2.0 SP3 / WSE 3.0. Note: WSE 2.0/3.0 will support .NET Framework 2.0 only. http://www.microsoft.com/en-in/download/details.aspx?id=23689
5. Create a new web application project in Visual Studio. Expand the project → Right click on References → Add Service Reference → Advanced → Add Web Reference → Paste your service WSDL link in the URL text box → Click the Go button (right-pointing arrow) → Since it's HTTPS it will show a popup with a warning message; click Yes until it stops → Enter a Web Reference name and click the Add Reference button.
   Right click → References → Add Reference → Click Browse → \Program Files\Microsoft WSE\v2.0\ → Select "Microsoft.Web.Services2.dll" → Click Add.
   The proxy/stub class is generated now → Look for the Reference.cs file under the Web References folder; if it is not visible, click Show All Files in Solution Explorer → Open Reference.cs and replace "System.Web.Services.Protocols.SoapHttpClientProtocol" with "WebServicesClientProtocol".
```csharp
using System;
using System.Web.UI;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;

public partial class MyPage : Page
{
    // Key Identifier (Base64 encoded) of the client certificate, taken from the WSE X509 Certificate Tool.
    private static string ClientBase64KeyId = "XPaTfx6Lx8dV/oh6ebOeOo4Xdummy";

    protected void Page_Load(object sender, EventArgs e)
    {
        MyService myClient = new MyService();
        try
        {
            SecurityToken signingToken = GetClientToken(false);

            // Get the SoapContext for the SOAP request.
            SoapContext requestContext = myClient.RequestSoapContext;

            // Expire this message one hour (3600 s) after it is sent.
            requestContext.Security.Timestamp.TtlInSeconds = 3600;

            // Add the X509 certificate to the WS-Security header and sign the message with it.
            requestContext.Security.Tokens.Add(signingToken);
            MessageSignature sig = new MessageSignature(signingToken);
            requestContext.Security.Elements.Add(sig);

            RequestClass request = new RequestClass();
            request.Name = "";
            ResponceClass response = myClient.QueryCsa(request);
        }
        catch (Exception ex)
        {
            lblResultMessage.Text = ex.Message;
        }
    }

    public static X509SecurityToken GetClientToken(bool selectFromList)
    {
        X509SecurityToken token = null;

        // Open the CurrentUser certificate store and look in MyStore (Personal) only.
        X509CertificateStore store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);

        if (selectFromList)
        {
            // token = RetrieveTokenFromDialog(store);  // interactive selection, not used here
        }
        else
        {
            token = RetrieveTokenFromStore(store, ClientBase64KeyId);
        }
        return token;
    }

    private static X509SecurityToken RetrieveTokenFromStore(X509CertificateStore store, string keyIdentifier)
    {
        if (store == null)
            throw new ArgumentNullException("store");

        X509SecurityToken token = null;
        try
        {
            if (store.OpenRead())
            {
                // Find the certificate whose Key Identifier matches the Base64 value from the X509 Certificate Tool.
                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =
                    store.FindCertificateByKeyIdentifier(Convert.FromBase64String(keyIdentifier));

                if (certs.Count > 0)
                {
                    if (!certs[0].SupportsDigitalSignature || (certs[0].Key == null))
                    {
                        // The certificate must support digital signatures and have a private key available.
                        return null;
                    }
                    // Wrap the first matching certificate as a security token.
                    token = new X509SecurityToken((Microsoft.Web.Services2.Security.X509.X509Certificate)certs[0]);
                }
            }
        }
        finally
        {
            if (store != null)
                store.Close();
        }
        return token;
    }
}
```
Add the code above to your page and get the ClientBase64KeyId value from the X509 Certificate Tool.
Start → Program Files → Microsoft WSE 2.0 → X509 Certificate Tool → Select Certificate Location: Local Computer → Store Name: Personal → Click the Open Certificate button; the certificates are listed, so select the appropriate one, which is the one installed using MMC. Now pick the value from Key Identifier (Base64 Encoded) and use it in the code above. If your application is an ASP.NET web application, the key may not be accessible, so click the 'View Private Key File Properties' button and assign the appropriate security permission in the same tool itself.
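As an added example (not code from the post, and independent of WSE), the following plain .NET helper reproduces the two things the X509 Certificate Tool step is for: it derives the Base64 Key Identifier of an installed certificate so you can compare it with the tool's output, and it checks that the certificate found by that identifier is actually usable for signing (valid dates, key usage, private key present and readable by the current account). It assumes that the tool's "Key Identifier (Base64 Encoded)" is the SubjectKeyIdentifier extension value, falling back to SHA-1 of the raw public key when the extension is absent; the class and method names are my own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: locate the client certificate by Base64 Key Identifier and explain why it
// cannot be used for signing, before WSE silently returns no token.
public static class SigningCertCheck
{
    // ASSUMPTION: the tool's "Key Identifier (Base64 Encoded)" is the SubjectKeyIdentifier
    // extension value; when that extension is absent, SHA-1 of the raw public key is used.
    public static byte[] KeyIdentifierOf(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            X509SubjectKeyIdentifierExtension ski = ext as X509SubjectKeyIdentifierExtension;
            if (ski != null)
                return HexToBytes(ski.SubjectKeyIdentifier);
        }
        using (SHA1 sha1 = SHA1.Create())
        {
            return sha1.ComputeHash(cert.GetPublicKey());
        }
    }

    // Value to compare against the X509 Certificate Tool output.
    public static string Base64KeyIdentifierOf(X509Certificate2 cert)
    {
        return Convert.ToBase64String(KeyIdentifierOf(cert));
    }

    // Returns the usable certificate, or null with the reason in 'problem'.
    public static X509Certificate2 FindSigningCert(StoreLocation location, string base64KeyId, out string problem)
    {
        byte[] wanted = Convert.FromBase64String(base64KeyId);
        X509Store store = new X509Store(StoreName.My, location);   // "Personal" store
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!BytesEqual(KeyIdentifierOf(cert), wanted))
                    continue;

                if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                {
                    problem = "certificate " + cert.Thumbprint + " is outside its validity period";
                    return null;
                }
                if (!AllowsDigitalSignature(cert))
                {
                    problem = "certificate key usage does not allow digital signatures";
                    return null;
                }
                if (!cert.HasPrivateKey)
                {
                    problem = "certificate has no private key; import the .pfx, not only the .cer";
                    return null;
                }
                try
                {
                    // Loading the key is what fails when the ASP.NET identity has no ACL on the key file.
                    AsymmetricAlgorithm key = cert.PrivateKey;
                    if (key == null) { problem = "private key could not be loaded"; return null; }
                }
                catch (CryptographicException ex)
                {
                    problem = "private key exists but this account cannot open it (" + ex.Message +
                              "); grant read access via 'View Private Key File Properties'";
                    return null;
                }
                problem = null;
                return cert;
            }
        }
        finally
        {
            store.Close();
        }
        problem = "no certificate with key identifier " + base64KeyId + " in " + location + "\\My";
        return null;
    }

    // Digital signature is allowed unless a Key Usage extension is present and excludes it.
    static bool AllowsDigitalSignature(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            X509KeyUsageExtension ku = ext as X509KeyUsageExtension;
            if (ku != null)
                return (ku.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0;
        }
        return true;
    }

    static byte[] HexToBytes(string hex)
    {
        byte[] result = new byte[hex.Length / 2];
        for (int i = 0; i < result.Length; i++)
            result[i] = Convert.ToByte(hex.Substring(i * 2, 2), 16);
        return result;
    }

    static bool BytesEqual(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        for (int i = 0; i < a.Length; i++) if (a[i] != b[i]) return false;
        return true;
    }
}
```

Call `SigningCertCheck.FindSigningCert(StoreLocation.CurrentUser, ClientBase64KeyId, out why)` from Page_Load (use StoreLocation.LocalMachine if you installed the certificate there) and log `why` when it returns null; `Base64KeyIdentifierOf` on each store certificate shows which identifier string you should be pasting.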
We've done almost 70% of the work. Now comes the very crucial part... Yes, we're going to apply the Policy details. This is all about the Security Policy related to the X509 Certificate, which defines what part it's going to Sign (Signature), Encrypt, Integrity, Confidentiality and so on. Don't panic, we have a helper called the WSE 2.0 Tool. Yes, just try it :) Start → Program Files → Microsoft WSE 2.0 → Configuration Editor → File → Open → Point to Web.config from your application
General => Check both the check boxes
Security, Routing and Customized Filters => They are not needed for me :) So leave them.
Policy => Very important. 1. Check Enable Policy. 2. Click Add → Name it / Enter any name → Next → Leave it default (Secure Client Application) → (Default) Next → Next → (Default: X509 Certificate) → Next → Select Certificate → Select the appropriate certificate from the list → OK → Next → Finish
TokenIssuing => Leave it
Diagnostics => Check the appropriate check boxes for tracing and logging purposes
File → Save → Close it :)
Now policyCache.config would've been created, which is referenced in the Web.config file. Here we have to add our HTTPS service URL in . Done
This is achieved with WSE 2.0. Yes, I know this is old technology. I am trying to consume it with WCF as the client... I will post it in the next session....
:) Happy Programming :) JaiSankar