Part 4 – Send the request to the Certification Authority

To secure your website you can use SSL and certificates. In this post I will explain in detail how to set up your site to use a certificate, including the details of installing your own Certification Authority. Finally I will show you some C# code to work with certificates.

Part 1 will show you how to install the Certificate Authority on a Windows 2003 machine, part 2 is about creating a new website, part 3 shows how to request a webserver certificate, part 4 shows you how to send the request to the Certification Authority, part 5 shows you how the CA processes the request, part 6 shows you how to download and install the certificate on the website, part 7 shows you how to create a virtual folder. Part 8 shows you how to test the site together with some coding examples in C#.

Start inetmgr; right-click the CertSrv virtual folder below the Default Website and choose Browse.
Click Request a certificate
Click advanced certificate request
Click Submit a certificate request by…
Open the certnew.cer in C:\ (with Notepad), select all text and copy it to the clipboard.
Paste it into the textbox below Saved Request.
Click Submit

The certificate request is now pending. It is not processed immediately because we have a “Standalone root CA”; there is no AD integration, so a CA Administrator has to verify the certificate request manually.

Part 3 – Request a webserver certificate

Follow the steps below to enable SSL on a website. I assume that the website is already created and that it is called SSLWebSite.

Go to the properties of the website for which to enable SSL; I use SSLWebSite in this post.
The field for the SSL port is empty; the Default Website uses the (default) 443 port so you have to specify another value; 444 for example.
Select the Directory Security tab.
Click Server Certificate
Click Next
Click Next
Click Next
Click Next
Click Next
Enter your common name.
Click Next
Click Next
Click Next
Click Next
Click Finish

At this point the certificate request is ready. We now have to send this request to a Certification Authority to get an actual certificate. In part 1 of this series we installed our own CA, so we can send the request to it.


Part 2 – Create IIS Website

To create a new Web site in IIS, follow these steps:

Start inetmgr; right-click Websites; select New; select Web site.
Click Next
Click Next
You probably already have a Default Website running on port 80, so choose port 82 for this new website.
Click Next
As a best practice create the site in its own subdirectory.
Check Run scripts (such as ASP)
Click Finish

Part 1 – Installing a Certificate Authority (CA)

Windows Server 2003 can be used as a Certificate Authority (also known as CA) to provide extended security by offering support for Digital Certificates. Digital Certificates can be used to secure the communication between a webserver and a browser.

In this post I describe how to install a CA.

Caution: after installing this component you CAN NOT rename your server or add it to another domain!

Notes

Impersonation is the ability of a server application to take on the identity of the client.

As you set out to work with SSL, keep in mind that you cannot use host headers with SSL. With SSL, Hypertext Transfer Protocol (HTTP) requests are encrypted, and the host header name within the encrypted request cannot be used to determine the correct site to which a request must be routed.

Common Security Scenarios

How to: Create Temporary Certificates for Use During Development


SoapUI and WCF Service testing

The web.config that is created when you create a new WCF service application does not work with SoapUI. Retrieving the WSDL will work fine, but when you execute an operation on the service the following message will appear:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
   </s:Header>
   <s:Body>
      <s:Fault>
         <s:Code>
            <s:Value>s:Sender</s:Value>
            <s:Subcode>
               <s:Value xmlns:a="http://schemas.xmlsoap.org/ws/2005/02/sc">a:BadContextToken</s:Value>
            </s:Subcode>
         </s:Code>
         <s:Reason>
            <s:Text xml:lang="en-US">The message could not be processed. This is most likely because the action 'http://tempuri.org/IService1/EnrollRight' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.</s:Text>
         </s:Reason>
      </s:Fault>
   </s:Body>
</s:Envelope>

A solution to this problem (at least for testing purposes) is to add a custom wsHttpBinding. Create a new WCF Service application C# project. Delete all text from the web.config and replace it with the markup below.

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>

    <behaviors>
      <serviceBehaviors>
        <behavior name="Service1Behavior">
          <serviceMetadata httpGetEnabled="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpBindingNoSecurity">
          <security mode="None"/>
        </binding>
      </wsHttpBinding>
    </bindings>

    <services>
      <service name="WcfService1.Service1" behaviorConfiguration="Service1Behavior">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBindingNoSecurity" contract="WcfService1.IService1"/>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>

  </system.serviceModel>

  <system.web>
    <compilation debug="true"/>
  </system.web>

</configuration>

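Important to note is that we have a custom wsHttpBinding with the security mode set to “None”. This is necessary for SoapUI to work with this service! The default wsHttpBinding uses message security with a security context token, which is where the BadContextToken fault above comes from. With the mode set to “None” the messages are neither encrypted nor signed, which is why this binding is meant for testing purposes.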

Now you have to create a new SoapUI project. Point it to the ?wsdl for this service and the project is created with a default request for all operations. Open the first request and press the WS-A button (on the bottom of the request editor). Check “Enable WS-A addressing”, “Add default wsa:Action” and “Add default wsa:To”.

Now execute the request and you get a proper response!
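For comparison with the security mode “None” binding above, here is an added example (not part of the original post) of the same web.config with the wsHttpBinding switched to transport security, so the service is protected by SSL and no security context token is negotiated. The binding name wsHttpBindingTransport is hypothetical, and the fragment assumes the service is hosted on an IIS site that already has an HTTPS binding and a server certificate installed.

```xml
<?xml version="1.0"?>
<configuration>
  <system.serviceModel>

    <behaviors>
      <serviceBehaviors>
        <behavior name="Service1Behavior">
          <!-- Publish the WSDL over HTTPS only -->
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <bindings>
      <wsHttpBinding>
        <!-- Hypothetical binding name, chosen for this example -->
        <binding name="wsHttpBindingTransport">
          <!-- Transport: confidentiality and integrity come from SSL,
               there is no message-level security session -->
          <security mode="Transport">
            <!-- No client certificate or Windows credentials required -->
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <services>
      <service name="WcfService1.Service1" behaviorConfiguration="Service1Behavior">
        <!-- With Transport security the endpoint is reached through the site's https address -->
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBindingTransport" contract="WcfService1.IService1"/>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
      </service>
    </services>

  </system.serviceModel>

  <system.web>
    <!-- Debug compilation is switched off outside of testing -->
    <compilation debug="false"/>
  </system.web>

</configuration>
```

The SoapUI project then has to be pointed at the https ?wsdl address, and the WS-A settings described above still apply because the binding is still a wsHttpBinding.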


Configure crond on your PlayonHD from A.C. Ryan

Two weeks ago I bought a PlayonHD put together by A.C. Ryan. When I bought the box I was not aware of the fact that I bought a little Unix box. It turns out that you can telnet to the box and have a complete Linux system at your hands: it is called BusyBox.

WCF and MSMQ

First let us understand why MSMQ came into the picture; the rest will follow. Take a scenario where your client needs to upload data to a central server. If everything works fine and the server is available to the client 24 hours a day, there are no issues. If the server is not available, the clients will fail and the data will not be delivered. This is where MSMQ comes into the picture. It eliminates the need for a persistent connection to a server. You deploy an MSMQ server and let the clients post messages to it. When your actual server runs, it just picks up the messages from the queue. In short, the client and the server do not need to be up and running at the same time. WCF has a client and service model, and in the real world it is quite possible that both entities will not be available at the same time.

In order to use MSMQ you need to install Message Queuing by clicking Install Windows component and selecting MSMQ queuing. Once that is done we are all set to make our sample of MSMQ using WCF.


How to determine which version of SQL Server 2008 is running

To determine which version of Microsoft SQL Server 2008 is running, connect to SQL Server 2008 by using SQL Server Management Studio, and then run the following Transact-SQL statement.

SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition')

MSBuild notes

To examine what types of values the well-known metadata returns, take a look at the example below:

<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <PrjFile Include="Helloworld.proj" />
  </ItemGroup>
  <Target Name="Well known metadata">
    <Message Text="%40(PrjFile->'%25(Fullpath)'):@(PrjFile->'%(Fullpath)')"/>
    <Message Text="%40(PrjFile->'%25(Rootdir)'):@(PrjFile->'%(Rootdir)')"/>
    <Message Text="%40(PrjFile->'%25(Filename)'):@(PrjFile->'%(Filename)')"/>
    <Message Text="%40(PrjFile->'%25(Extension)'):@(PrjFile->'%(Extension)')"/>
    <Message Text="%40(PrjFile->'%25(RelativeDir)'):@(PrjFile->'%(RelativeDir)')"/>
    <Message Text="%40(PrjFile->'%25(Directory)'):@(PrjFile->'%(Directory)')"/>
    <Message Text="%40(PrjFile->'%25(RecursiveDir)'):@(PrjFile->'%(RecursiveDir)')"/>
    <Message Text="%40(PrjFile->'%25(Identity)'):@(PrjFile->'%(Identity)')"/>
    <Message Text="%40(PrjFile->'%25(ModifiedTime)'):@(PrjFile->'%(ModifiedTime)')"/>
    <Message Text="%40(PrjFile->'%25(CreatedTime)'):@(PrjFile->'%(CreatedTime)')"/>
    <Message Text="%40(PrjFile->'%25(AccessedTime)'):@(PrjFile->'%(AccessedTime)')"/>
  </Target>
</Project>