Does anyone know if it the IT-Hit WebDav Server (http://www.webdavsystem.com/server) can accept and check client certificates? Perhaps it is something that IIS does for the product when deployed in an IIS?
IT Hit WebDAV Server is based on IIS or HttpListener (two different implementations).
IIS supports client certificates, this means WebDAV Server based on IIS will work fine. All you need to do is setup your IIS.
As I see from this question HttpListener supports client certificates too. If you are missing something to make it work (can not reach some property for example), please contact me.
Related
I'm hosting a couple of sites on IIS 8.5 (Windows server 2012-R2).
These https sites are bound using a UCC SSL certificate from GoDaddy.
I created a new site on IIS and added binding using the "IIS Express SSL Certificate".
This caused the rest of my sites to stop responding to https requests.
I had to reassign the UCC SSL so my sites could work with HTTPS again, but I was wondering if anyone knows why this happens. Having these things happening in a production server is a nightmare so I was wondering if anyone could shed some light on this matter.
This usually happens when you use the same IP or port with all the HTTPS sites. if you want to use the same binding with the different hostname you could use the SNI(Server Name Indication).
Server Name Indication (SNI), which is a TLS extension to include a virtual domain as a part of SSL negotiation. What this effectively means is that the virtual domain name, or a hostname, can now be used to identify the network endpoint. In addition, a highly scalable web hosting store has been created to complement SNI. The result is that the secure site density is much higher on Windows Server 2012 and it is achieved with just one IP address.
It should be noted that in order for this feature to be used, your client browsers have to support SNI. Most modern browsers support SNI; however, Internet Explorer (of any version) on Windows XP does not support SNI.
When you assign the https binding to the site you just need to check the Require Server Name Indication checkbox.
I have WCf service hosted in windows service.
I would want to know how would i make service accessible only through SSL and use certificate provided by certificate issuer(Godaddy,verisign etc).
If you created a WCF-Service you'll be forced to use an Windows IIS Server to host your application. When using an IIS, you can specify the Port and an SSL-Certificate.
To do this, just
add a new Website to your IIS. Make sure, you are using an application pool that supports .NET Framework 4.0.
copy your compiled WCF-Service and all references/files that your services needs to the associated IIS-Site-Folder
Configure the Bindings of this IIS Page. You need an imported SSL-Certificate at this point. If you already imported it, you can choose it from a ListBox within the Bindings-Dialog.
Within that dialog, you can specify the port
Make sure you've opened that port on your firewall
If you delete other bindings (meaning all HTTP Bindings), you can make sure that your service is only reachable through SSL and your specific port.
If you need cheap, good and multidomain/wildcard certificates, please check out StartSSL. In my opinion, they serve you the best.
You can find more information about IIS Configuration here.
I have a WCF service that I want to secure with Client Certificates but I cannot get it to work on Azure.
I removed Azure from the equation by hosting the service on a standard Windows Server on Amazon. I installed both the service and client certificates (none are self-signed) into the Local Machine 'Personal' store on this server including the chained certificates and it all worked as expected, called from my local PC, with the client cert set against the binding/behavior. It did not work without the certificate being specified so it definitely worked correctly this way.
I then deployed the service to Azure. The client and server certificates are uploaded to the portal and set in the config against "Local Machine/My" and the CA and root certificates are uploaded and I tried them in various stores including "My", "Trusted" and "CA". Every variation I try, I continue to get "The HTTP request was forbidden with client authentication scheme 'Anonymous'" called from exactly the same program locally with the only change being the client endpoint address.
As another detail, I can get it to work without certificates so there is no problem with the web service but I am unsure how to work out what is actually happening with the certificate handshake between client and service.
I have finally got it to work, and have written a guide here: Blogspot.co.uk
I'm not sure what I had got wrong before since I have not done anything too weird to make it work. I think perhaps I had a small defect somewhere in configuration that I eventually fixed by starting again. Anyway, it DOES work and provides some useful security on Azure.
See my answer to this SO post - bottom line, cert in LocalMachine/My and run with elevated privileges in csdef file add:
<Runtime executionContext="elevated" />
I would like do use Atomic Transactions between WCF and Weblogic, but I'm facing many problems to configure it.
I've already turned on the Wsat on Windows and associated it a valid certificate. I also enabled the SSL on IIS and configured the https port.
My main doubts are about the right WCF binding configurations and how and where I import the IIS certificate on Weblogic.
I imported my Wsat certificate in Demo.jks file (Weblogic keystore), but it did not work.
Best regards,
ps: Forgive my poor english :)
Summary:
Does anybody know if there are known issues or configuration gotchas with an IIS service connecting to an Azure based service?
Scenario:
I currently have a scenario that requires me to host two web-services, one in Azure, and one on a server running IIS. The IIS hosted service (a WCF service) connects to the Azure hosted service (actually the Azure storage API) in order to fetch certain information. This information is manipulated and returned to the client.
Client -> IIS Service -> Azure Storage Service
Issue:
I'm running into issues with the IIS service connecting to the Azure Service. The hostname cannot be resolved. I'm using the Azure Storage client from my code, but have actually tried this using the azure API calls, and they also do not work from IIS. I captured the requests using Fiddler (on a different machine), they match the azure REST API calls, as expected. These requests, when made outside of IIS on the host machine execute properly. It is only when they are issued by the IIS service that they fail.
In my research other people have been running into this issue when there's a firewall problem, but since I can hit the service properly from the machine, that doesn't seem to fit the bill. My hunch is that there's a configuration issue I need to sort out in IIS, but I've failed to find anything useful with my searches.
Does anyone have any information on why this might be occuring (known bugs, gotchas etc)? Any workarounds? From a SOA perspective, this seems fairly critical to understand.
Any assitance anyone has would be helpful. Thank you.
Sounds like a proxy configuration issue. Check how your IIS server connected to Internet. If you are using some sort of proxy to get to Internet, that connection has to be configured correctly.
Specifically, if your proxy servers are Microsoft ISA server, or Microsoft Forefront TMG, then you need to check two things:
ISA server client or Forefront TMG client software is installed on the server
The account used by IIS application pool is domain user. ISA Server/TMG are designed to work only with user account, not service account. Alternative workaround for this limitation is using "defaultProxy" configuration in web.config, however it only wokrs for HTTP/HTTPS.
If you use different proxy server, then other issues might be involved, for example proxy might require authentication.