cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to code a .NET application to send a X.509 Client Certficate to SAP WS

sarah_bavousett
Participant

on ‎10-29-2009 4:22 PM

0 Kudos

Thanks for any help,

I am lookin for a coding example of a .NET application that calls a Web Service from SAP ECC (RFC Web service) using x.509 certificate.

I can get the .NET application to call a SAP Web Service using no authentication or Username/password. I am getting "The request failed with HTTP status 401: Unauthorized." error returned to the .NET application. In ICM trace files I am getting "No Client Certificate ".

Any help would be appreciated,

Thank You

Sarah

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

ravi_raman2
Active Contributor
‎10-29-2009 6:25 PM
0 Kudos

Sarah,

This would be the xml. Are you looking for the .net code that creates the WSSE.

<?xml version="1.0" encoding="utf-8"?>

<wsse:Security

xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">

<wsse:BinarySecurityToken

ValueType="wsse:X509v3"

EncodingType="wsse:Base64Binary">

Ea4AHjbs1 ...

</wsse:BinarySecurityToken>

</wsse:Security>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/2001/XMLSchema"

xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<soap:Body>

<HelloWorldResponse xmlns="http://tempuri.org/WebService/Service1">

<HelloWorldResult>string</HelloWorldResult>

</HelloWorldResponse>

</soap:Body>

</soap:Envelope>

Regards

Ravi Raman

Show replies
Show replies
sarah_bavousett
Participant
‎10-30-2009 2:51 PM
0 Kudos

Thank you Ravi Raman for your help.

What I am looking for is .NET application code such as this partial example.

I am having trouble coding the application properly to send a Client Certficate so that SAP recieves and interrprets it properly.

// Obtain the certificate.

try

{

X509Certificate Cert = X509Certificate.CreateFromCertFile("C:
mycert.cer");

// Handle any certificate errors on the certificate from the server.

ServicePointManager.CertificatePolicy = new CertPolicy();

// You must change the URL to point to your Web server.

HttpWebRequest Request = (HttpWebRequest)WebRequest.Create("https://YourServer/sample.asp");

Request.ClientCertificates.Add(Cert);

Request.UserAgent = "Client Cert Sample";

Request.Method = "GET";

HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();

....

Thank you,

Sarah

Former Member
‎06-25-2015 3:32 PM
0 Kudos

Hi Sarah,

I know it's pretty old thread, I am working on similar requirement, if you could share some of your experience in achieving this would be grateful.

Thanks

Krish

sarah_bavousett
Participant
‎07-06-2015 3:44 PM
0 Kudos

Krish

We did not complete this due to time constraints, we stayed with the username/password method and moved on.

Sorry I could not help

Sarah

former_member183816
Active Participant
‎07-06-2015 5:18 PM
0 Kudos

Better look into stackoverflow, you will find solution there easily,

Connecting to SAP Web Service from C# .NET application - Stack Overflow

Former Member
‎07-07-2015 2:49 AM
0 Kudos

Hi Ambuj,

Yes, I looked at that code, the first question I am having is, what certificate I have to read , is that from user profile personal certificate or certificate stored on the server location?

What cert I need to import on to sap and what should be the expected certificate format to create certrule in sap.

any help greatly appreciated.

Thanks

Krish

former_member183816
Active Participant
‎07-07-2015 5:26 AM
0 Kudos

You need to read certificate, stored on the server location (SAP ABAP Sserver). You can try self signed certificate also, depends on your server's configuration.


There are two types of HTTPS authentication can be configured on  Server side i.e. SAP WS in your case.

1. without client authentication

2. with client authentication

In first approach client (.Net app in your case) don't have to authenticate itself to server. Only client needs to know, where it's sending data by exporting server certificate or by using self-signed certificate, if server certificate is not available (Try self signed certificate first).

In second approach you need to exchange SSL certificates between client and server. Without authentication between both, communication is not possible. These certificates are generated and provided by some authentic vendors. You can also create these certificates at client and server application if it allows.


Hope, it will clear your basic understanding about certificate exchange. I don't have any idea, where to find certificate for your client (.net app). For SAP ABAP server, you can easily extract it from certificate store by contacting there BASIS team.

Ask a Question