Is it possible to use client certificates with HTTPS requests from Windows Phone 7? - silverlight

I need to invoke a REST-based service from Windows Phone 7.
The service only accepts the request if the following conditions are satisfied:
The request must happen over HTTPS/SSL
The request must be authenticated with a client X509 certificate
I don't control the service, so I can't change the authentication requirements.
On the full framework, we can do things like this:
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri);
request.ClientCertificates.Add(accessCertificate);
However, the ClientCertificates property isn't available in Silverlight 4, and neither do any of the X509 classes from the System.Security.Cryptography.X509Certificates namespace seem to be available.
Is it really impossible to make Client Certificate-based HTTPS requests from Windows Phone 7?

Client certificates are not supported by the 3rd party WP7 SDK currently.
Confirmation here for your reference.
Problems with client certification authentication on WP7
Whilst it's possible to install certs on the device through email (referenced in an Exchange integration solution), your app won't use them.

There are only 2 ways to install 3rd party certificates on the device and neither can currently be done through code:
Installing certificates via Windows® Internet Explorer®
A certificate can be posted on a website and made available to users through a device-accessible URL that they can use to download the certificate. When a user accesses the page and taps the certificate, it opens on the device. The user can inspect the certificate, and if they choose to continue the certificate is installed on the device.
Installing certificates via email
The certificate installer on Windows Phone 7 supports .cer, .p7b, and .pfx files. When installing certificates via email, make sure your mail filters do not block .cer files. Certificates that are sent via email appear as message attachments. When a certificate is received, a user can tap to review the contents and then tap to install the certificate. Typically, when an identity certificate is installed the user is prompted for the passphrase that protects it.
You'll have to get the user to perform one of these actions before the app will work with the certificate.
From Windows Phone 7 and Certificates_FINAL_121610.pdf

So you can use oAuth for authentication and pass the token in the request header. If you check out acs.codeplex.com you can see how this is done using the Azure ACS system. I realize you may not be using Azure, but the reference app may help. I would also search for oAuth and Windows Phone 7; I have found a few examples that way too.
As far as SSL, you should be able to do that through the browser without any issue. You can also open any https Url using an HttpWebRequest, etc.

Related

How to add https trusted certificate to AWS instance

I have made an app with Spring Boot on backend and UI in AngularJS. UI is separate from the backend. UI is deployed in Firebase and my backend is deployed in AWS (via boxfuse). I want to add a trusted https certificate to my backend but Certificate Manager does not let me create a trusted certificate for Amazon owned domain. How can I add a certificate to the backend (with Let's Encrypt)? Does my UI also need a trusted certificate?
First of all, if you are using the public domain of the EC2 instance, I would advise not to use it, because whenever you start and stop the instance, the domain will change. If you are doing this with Let's Encrypt, then you should do it on the server which has Apache configured. Let's Encrypt provides you with the ACME client; the most recommended is certbot. Choose your OS and web server. It will provide you with the script. Run that script on your server and it will ask for the details needed to get the SSL certificate. The script will do the rest for you. Please read the documentation before you perform these steps.
You should consider the domain type as well, whether you are using a single domain or a wildcard, according to your application.
The link below is useful for me; if you want, you can get more detail about this.
https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority

How to re-order the Client Certificates

In CEF (Chromium Embedded Framework), support for displaying the client certificate list dialog is not available, so I cannot display a certificate list using the CefSharp browser while using PKI authentication. What CEF does support is signing the user in by making use of the "first" certificate in the list. This works great if you only have a single certificate on your client.
The problem occurs when you have multiple valid certificates and the only certificate CEF uses is the first one. So is there a workaround for this?
Is there a way to "re-order" the client certificate list, to switch the certificate you need as the first one?

ssl certificate installation - wp 8.1 SL

I've installed an SSL certificate (which I downloaded from a web browser) via email on the device. Unfortunately, after the installation I still can't open the page in IE without a warning ('It looks like the security certificate wasn't issued by a trusted certificate authority...').
I have to install my custom certificate properly, because without it I can't provide an https connection between my wp 8.1 silverlight app and my web service. I tried .p7b, .peb, .cer and .cert certificates.
Any suggestions?
Untrusted certificates only work for email inboxes, not for apps. Either use HTTP or a paid cert.

Access web page only from verified client

We have an intranet web-based information portal. A module for internal orders is now under development.
The problem is: when the approver approves the order, they access a page that requires https, and accessing it should be much more secure than a simple (second) password authentication.
The first idea was to pair a certified connection between the server and client, i.e. the server should recognize that the client has installed the appropriate certificate and otherwise show an inaccessible page message.
We played with OpenSSL certificates, but because we are newbies at that, there was no success.
Which is the right way to do this?
Probably, this is important: the certificates were made under Linux. They should work on a Win2003 server with Apache2 installed and the SSL module enabled (PHP, MySQL). Also, pages can be accessed only via the IP address of the server. Is it OK to configure a certificate for an IP address? The information we used to generate the certificates is here.
Is there another way to secure the connection between client and server in that case, i.e. to ensure that only a privileged client (computer, browser) is accessing the secured page? If you have other suggestions, they will be much appreciated.

WPF & WCF Security - Username and password = STS

I'm about to start a project with WPF which uses a web service to get info etc.
A username and password is required to authenticate you and get data which belongs to you.
I would like my WPF application to store the username and password. But I don't want to store it. So I was thinking. It would be cool if after I login for the first time it would generate a certificate at the WCF end and give it to the WPF application which can be used for each and every call.
Is what I'm thinking possible? Another problem I would like to tackle is how do I avoid someone copying and pasting the certificate?
Update
Based on #zamd suggestion. This is what I would like to solve.
Webservice uses WCF Web Api
Site has forms authentication
Site signs in with Username and Password which is validated by a Token Service
Webservice can authenticate the users token provided by the Token Service
I found this very useful blog article http://weblogs.asp.net/cibrax/archive/2011/02/04/authenticating-clients-in-the-new-wcf-http-stack.aspx but I would like to use Forms Authentication to get the SAML Token
You should look into Claims-based-security and SAML Token.
At login, your application should go to your service or a 'security service', also known as a 'Security Token Service', and get a SAML token in exchange for a userName/Password pair. SAML tokens are usually secured for the recipient and can be safely stored on the client side until they are expired.
Every time you need to call the WCF service, you can use this SAML token for rich authentication and authorization.
Your understanding of certificate-based authentication is incorrect. Certificates are used for establishing an SSL connection, are used to encrypt data using asymmetric encryption and to authenticate the user, but to authenticate a user against a certificate, the certificate should be installed on the user's system and not provided by the WCF service. This requires one to set up a PKI infrastructure.
The other options you can look at are to use
ASP.Net forms authentication while running the WCF service in ASP.Net compatibility mode. In this case, once authenticated, only the auth cookie would pass thereafter.
Look at this question for some other ways User/Pass Authentication using RESTful WCF & Windows Forms
If you have to use username/password combination then you can get Windows to store it for you under Windows 7, Windows Server 2008 (and perhaps Vista) using the Windows Credential Manager. You need to fall down to p/invoke calls (http://pinvoke.net/default.aspx/advapi32/CredRead.html and http://pinvoke.net/default.aspx/advapi32/CredWrite.html) for this.
The only issue I had with this is that it didn't work on Windows Server 2003 even though the documentation says that it is a supported OS.
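The Credential Manager approach from the answer above, as an added example that is not the answer author's code: a small C# wrapper over the advapi32 CredWrite/CredRead/CredFree calls for a generic credential. The class name `CredentialStore`, the `Save`/`Load` methods and the target name passed by the caller are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

static class CredentialStore {   // hypothetical helper, not part of any library
    const int CRED_TYPE_GENERIC = 1, CRED_PERSIST_LOCAL_MACHINE = 2;
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct CREDENTIAL {          // field order mirrors CREDENTIALW in wincred.h
        public int Flags, Type;
        public string TargetName, Comment;
        public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten;
        public int CredentialBlobSize;
        public IntPtr CredentialBlob;
        public int Persist, AttributeCount;
        public IntPtr Attributes;
        public string TargetAlias, UserName;
    }
    [DllImport("advapi32.dll", EntryPoint = "CredWriteW", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CredWrite([In] ref CREDENTIAL credential, int flags);
    [DllImport("advapi32.dll", EntryPoint = "CredReadW", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CredRead(string target, int type, int flags, out IntPtr credential);
    [DllImport("advapi32.dll")]
    static extern void CredFree(IntPtr buffer);

    public static void Save(string target, string user, string secret) {
        byte[] blob = Encoding.Unicode.GetBytes(secret);
        IntPtr mem = Marshal.AllocHGlobal(blob.Length);
        try {
            Marshal.Copy(blob, 0, mem, blob.Length);
            var c = new CREDENTIAL { Type = CRED_TYPE_GENERIC, TargetName = target, UserName = user,
                CredentialBlob = mem, CredentialBlobSize = blob.Length, Persist = CRED_PERSIST_LOCAL_MACHINE };
            if (!CredWrite(ref c, 0)) throw new Win32Exception(Marshal.GetLastWin32Error());
        } finally {              // wipe the byte copies made here before releasing them
            for (int i = 0; i < blob.Length; i++) Marshal.WriteByte(mem, i, 0);
            Array.Clear(blob, 0, blob.Length);
            Marshal.FreeHGlobal(mem);
        }
    }

    public static string Load(string target) {   // returns null when CredRead fails (e.g. no entry)
        IntPtr p;
        if (!CredRead(target, CRED_TYPE_GENERIC, 0, out p)) return null;
        try {
            var c = (CREDENTIAL)Marshal.PtrToStructure(p, typeof(CREDENTIAL));
            return Marshal.PtrToStringUni(c.CredentialBlob, c.CredentialBlobSize / 2);
        } finally { CredFree(p); }               // buffer from CredRead must go back to CredFree
    }
}
```

A generic credential stored this way is protected per Windows user account, so any process running as that same user can read it back with CredRead.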
