http://15seconds.com/issue/020312.htm--> 참조 웹사이트...
현재 제가 작성한 코드는 이 사이트를 참조해서 했습니다.
만약 현재 이 사이트에서 작성한 코드가 맞다면, 단지 잘못한것은 인증을 서버으로 통해서 하지 않고, MAKECERT을 사용해서, 진행을 했습니다.
이 부분을 참조해서 해결좀 해주세요...ㅠㅠ...
클라이언트의 인증에서 Common name(CN)값을 추출해야 하는데, wse를 사용하지 않고요,,왜냐하면, wse을 사용하면, webserive에서
베이스 클래스를 수정해야 하는것으로 알고 있습니다. 그리고 webservice의 SoapHttpClientProtocol으로 파생되는것으로 알고 있느데...
그리고, windows 2000에서 웹서비스 서버를 구성할 때, 서버인증서를 받아서 설치하면 되나요...
그럼 수고하세요.
Client Certificate Authentication
As the name implies, this type of authentication uses certificates for authenticating users.
There are two types of certificates -- server certificates and client certificates. Server certificates ensure that the identity of the server is valid and we can trust it; similarly client certificates ensure that the identity of the client is valid and the client can be trusted. Some trusted third-party Certificate Authority (CA) issues these certificates.
While invoking Web Services, a client must present a valid client certificate to the Web server. The Web server uses the client certificate for authentication purposes.
To configure a Web Service to use Certificate authentication, perform the following steps:
Install SSL on the server computer
Configure the Web application to accept client certificates. For information about certificates, please visit the following site: http://localhost/iishelp/iis/htm/core/iiabcsc.htm
Modify the Web.config file and set the mode attribute of the <authentication> node to "Windows".
Apart from the above steps, we can map certificates to Domain or Active Directory accounts. For more information about mapping certificates to Windows 2000 user accounts, please refer to Step-by-Step Guide to Mapping Certificates to User Accounts.
Now we will see how to access the Web Service that has been secured by using the certificates. On the client side, we must have the client certificate in the form of an xxxx.cer file. This file contains the client certificate and CA issues it.
For testing purposes, I have created the CCWebservice.asmx Web Service that contains a method named GetCertificateDetails. This method returns a ClientCertificateDetails object that contains some information about the certificate the client sent to the server while invoking this method on our Web Service.
Following is the minimal code that is required to access the Web Service:
1. CSWebservices.CCWebservice objws ;
2. objws = new CSWebservices.CCWebservice() ;
3. X509Certificate objCert ;
4. objCert = X509Certificate.CreateFromCertFile("C:\\certfile.cer") ;
5. objws.ClientCertificates.Add(objCert) ;
6. CSWebservices.ClientCertificateDetails objCertDetails ;
7. objCertDetails = objws.GetCertificateDetails() ;
In the above code, line 4 is creating an object of type X509Certificate. This class represents the Authenticode X.509 v.3 certificate. Since we have a certificate in the form of a CER file, we initialize the certificate object by calling CreateFromCertFile and pass in the path to the CER file. Line 5 is adding this certificate into a collection of certificates that should be sent to the server with Web Service method invocation request.
The beauty of this mechanism is that the interaction between client and server is seamless. Unlike other methods, clients are not required to interactively enter a user's ID and password because all of it has been taken care of by the client certificate. This type of security mechanism is good for Business-to-Business (B2B) processes and transaction where no manual interaction is required.
[최초 등록일: ]
[최종 수정일: 8/29/2006]