Wednesday, 15 February 2017

Using PowerShell New-WebServiceProxy to access Web Services with Client Certificate Authentication

We've recently been looking into helping our customers implement two factor authentication with client certificates.

This was going very well, until writing the help to consume our ASP.NET soap web services with a client certificate.

Here's the problem... It seems that the New-WebServiceProxy cmdlet does not support passing client certificates when it generates the compiled WSDL.

$uri = "https://centrel-ws02/xiaconfiguration/webservice/xiaconfiguration.asmx"
$proxy = New-WebServiceProxy $uri -UseDefaultCredential 


The following error is returned
New-WebServiceProxy : The request failed with HTTP status 403: Forbidden.

This limitation is confusing because the following command would help, however the cmdlet requires that a connection is immediately made, which is then too late to add the certificate


$proxy.ClientCertificates.Add($certificate)


This is somewhat annoying given that the Invoke-WebRequest cmdlet does have client cetificate functionality built in


$reqest = Invoke-WebRequest -Uri $uri -UseDefaultCredentials -CertificateThumbprint "FD68506860158BA2B878E0322094E5A6092EDDE6"




Workaround
The only workaround we've managed to find is to save the WSDL from the web service in a web browser and manually add the certificate

$proxy = New-WebServiceProxy "file://c:\temp\my.wsdl"
$certificate = Get-ChildItem Cert:\CurrentUser\My\FD68506860158BA2B878E0322094E5A6092EDDE6
$proxy.ClientCertificates.Add($certificate)
Write-Host $proxy.SomeMethod()

No comments:

Post a Comment