Saturday, February 27, 2010

How to determine the server certificate given an HTTPS WCF proxy?

One day, when you are using HTTPS transports in WCF, you might need to figure out which certificate the server is using. That is going to be the day you're glad you found my blog.
 
namespace WebClient
{
    using System;
    using System.IdentityModel.Tokens;
    using System.ServiceModel;
    using System.ServiceModel.Channels;

    /// <summary>
    /// Interface implemented by a random HTTPS-bound web service I found on the web.
    /// </summary>
    [ServiceContract(Namespace = "http://arcweb.esri.com/v2")]
    interface IVersion
    {
        [OperationContract]
        string getVersion();
    }

    class Program
    {
        static void Main(string[] args)
        {
            var httpsBinding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            var endpointAddress = new EndpointAddress("https://arcweb.esri.com/services/v2/AccountInfo");
            var serviceClient = new ChannelFactory<IVersion>(httpsBinding, endpointAddress).CreateChannel();

            // Instantiating an OperationContextScope populates the OperationContext.Current property
            using (OperationContextScope scope = new OperationContextScope(serviceClient as IContextChannel))
            {
                serviceClient.getVersion();
                // Certificate not available until after an API call.
                var myCertificate = (OperationContext.Current.IncomingMessageProperties.Security.TransportToken.SecurityToken as X509SecurityToken).Certificate;
                Console.WriteLine(myCertificate);
            }
        }
    }
}
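
Once the proxy has handed back the server certificate, the usual next step is to check it against what you expected. The block below is an added example, not code from the original post: `ServerCertificateCheck`, `Sha256Fingerprint` and `Inspect` are hypothetical names, and the certificate is a self-signed one constructed in-process (via `CertificateRequest`, which needs .NET Framework 4.7.2 or later) so the sample runs offline.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServerCertificateCheck
{
    // SHA-256 over the DER encoding; X509Certificate2.Thumbprint is a SHA-1 hash.
    public static string Sha256Fingerprint(X509Certificate2 cert)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
    }

    // Returns the problems found. An empty list means the certificate matches the
    // expected fingerprint, is inside its validity window and chains to a trusted root.
    public static List<string> Inspect(X509Certificate2 cert, string expectedSha256, DateTime now)
    {
        var problems = new List<string>();
        if (!string.Equals(Sha256Fingerprint(cert), expectedSha256, StringComparison.OrdinalIgnoreCase))
            problems.Add("fingerprint mismatch");
        if (now < cert.NotBefore || now > cert.NotAfter) // both properties are local time
            problems.Add("outside validity window");
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // keeps the sample offline
            if (!chain.Build(cert))
                foreach (X509ChainStatus status in chain.ChainStatus)
                    problems.Add("chain: " + status.Status);
        }
        return problems;
    }

    static void Main()
    {
        // Constructed sample: stands in for myCertificate read from the WCF proxy.
        using (var rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=constructed.example", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = request.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30)))
            {
                // Correct pin: only the chain problem of a self-signed certificate remains.
                Console.WriteLine(string.Join("; ", Inspect(cert, Sha256Fingerprint(cert), DateTime.Now)));
                // Wrong pin and a clock past NotAfter: both are reported as well.
                Console.WriteLine(string.Join("; ", Inspect(cert, new string('0', 64), DateTime.Now.AddDays(60))));
            }
        }
    }
}
```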


I expect most folks will skip this post, but if you end up needing this tip, leave a comment with what you’re up to. I’m curious!

Saturday, February 13, 2010

PowerShell, PowerTab and Certificates

PowerShell is good, but with an awesome tab completer PowerShell is great. Luckily, said awesome tab completer exists, and it is called PowerTab. PowerTab didn't work quite right in the certificate provider (and some other places), so I made some fixes and threw them up on CodePlex. A small demo below:

[Image: powertab_in_cert_completer]

Saturday, February 6, 2010

Better Certificate Management in PowerShell via CertificateHelper

If you’ve read my previous post here, you know PowerShell can do some basic certificate management via the certificate provider. However, the certificate provider has some limitations: it can’t create, delete, copy, or import/export certificates.

This annoyed me, so I’m creating a PowerShell module called CertificateHelper that will provide these missing features.

So far the module implements:

  • New-Certificate
  • Remove-Certificate 

CertHelper can be found on CodePlex.

You install it like this:

(You must have hg installed)
PS C:\>cd $home\Documents\WindowsPowerShell\Modules
PS C:\Users\igord\Documents\WindowsPowerShell\Modules> hg clone https://hg01.codeplex.com/certificatehelper
destination directory: certificatehelper
requesting all changes
adding changesets
adding manifests
adding file changes
added 5 changesets with 8 changes to 4 files
updating to branch default
4 files updated, 0 files merged, 0 files removed, 0 files unresolved


Once installed, you can make it available in your PowerShell session like this:



PS C:\> Import-Module CertificateHelper


You can see the implemented commands like this:



PS C:\> dir function:\*-Certificate

CommandType     Name                  Definition
-----------     ----                  ----------
Function        New-Certificate       param([parameter(Mandatory=$true)]...
Function        Remove-Certificate    param($certificatePath)...


A walkthrough of using the module:



PS C:\> dir cert:\LocalMachine\My | ? {$_.Subject -like "*Dog*"}
PS C:\> New-Certificate cert:\LocalMachine\My DogFood
Succeeded
PS C:\> dir cert:\LocalMachine\My | ? {$_.Subject -like "*Dog*"}


Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My


Thumbprint                                Subject
----------                                -------
A229E9FF2AA9DC55D06A35D0BBB0D0A98FEAC1A3  CN=DogFood


PS C:\> Remove-Certificate cert:\LocalMachine\My\A229E9FF2AA9DC55D06A35D0BBB0D0A98FEAC1A3
PS C:\> dir cert:\LocalMachine\My | ? {$_.Subject -like "*Dog*"}
PS C:\>


This is a work in progress, so holler if you hit any issues, or want to prioritize the order in which I provide the features.