cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to call XI webservice from .Net with certificate based client authentic

gopalkrishna_baliga
Participant

on ‎02-15-2008 1:15 PM

0 Kudos

Hi Experts,

I have a requirement where a .Net (C sharp code) application will call my XI webservice.

.Net >webserviceSOAPAdapter >XI>RFC Adapter->R/3

.Net application can call the XI webservice only after digital certificate based authentication. XI acts as the server to authenticate .Net client application.

XI server is SSL enabled. So the webservice will be called via HTTPS URL that is like https://<XIserver>:<port>/XISOAPAdapter/MessageServlet?channel=:<Sender Service>:<Sender Communication channel>

I have done all the necessary setups required in the sender communication channel and sender agreement. Moreover certificate with public key is also installed in the XI's J2EE server keystore. The private key is kept with .Net client.

In the .Net client code we are passing the private key file (*.pfx).

But unfortunately even after all these settings .Net client returns 401: unAuthorized error.

What could be the problem? What am I missing in XI server settings? What am I missing in .Net side?

It will be greate if someone can send me the C# code snippet that is used for certificate based authentication?

Please help! This is very urgent!

Your help will be greatly appreciated and I will be sincerely greatefull to you.

Thanks

Gopal

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

otto_frost4
Participant
‎02-18-2008 4:25 PM
0 Kudos

Hello,

On the XI you need to to the following.

Install a server certificate in the ABAP side in transaction STRUST. Make sure it has the Common Name CN set to the server name (domain name), must be the same as in the name in DNS. It should be signed by a CA.

map userid certificate x509, table USREXTID, report RSUSREXT

transaction EXTID_DN, important that the DistringName (DN) is exactly the same.

(you may import the certificate to view the DN) (you map the client certificate to a userid in XI ABAP)

when connecting to XI connect through the ICM. check the port in SMICM.

In trans SMICM, check the logs, and increase the log level, so you can view the errors.

You need to install the CA certifiate of the XI servers server certifiacte in you trusted CA keystore on the windows platform.

You need to install the CA certificate of the client certificate in the trusted CA keystore on ABAP XI.

Hint: to test use the CYGWIN "curl" application.

And yes, the doc for the PCK tells you to install certificates in the java visual admin which is correct for the PCK, or maybe if you don't connect through ICM.

Show replies
Show replies
Ask a Question