Appendix B. Microsoft .NET Web services
Configuring the .NET Web service to require SSL connections
1. From the IIS console, expand the Default Web Site (or the name of the Web
page where your .NET Web service virtual directory is located), right-click
ManufacturerB and select Properties.
2. Click the Directory Security tab and select Edit in the Secure
communications area.
3. Inside the Secure communications dialog box, put a check-mark in the box
labeled Require secure channel (SSL). Accept all other defaults and click
OK.
4. Finally, click OK to close the Properties window.
We have completed the steps necessary to require SSL communication between
the Web server running the .NET Web service and any incoming requestors. The
final steps in completing SSL configuration involve importing the Web server
certificate into a key database that a client can reference when attempting
connections to the secure source.
B.3.2 Importing the SSL certificate into a key database
We must now export the certificate installed onto the Microsoft Web server and
then import it into a key database that can be utilized by a client when sending
messages to that Web server.
Attention: Though, in theory, we could enable the Web server to require SSL
connections for the entire Web page in which the .NET client virtual directory
is located, for the sake of this exercise, we configure the server to require SSL
connections for only the .NET client, and not other resources located inside of
this Web page.
In proper business scenarios, however, best practice would most likely
mandate securing all resources on the Web server. This follows the exact
instructions described here, with the exception that you select the entire Web
page in the first step, instead of just one resource inside of it.
Patterns: Extended Enterprise SOA and Web Services
Export the Microsoft .NET Web server certificate to a file
First, we must export the certificate from the Web server’s certificate store so that
it can then be imported into a key database.
1. Click Start → Programs → Administrative Tools → Internet Services
Manager in order to load the IIS console.
2. Navigate to the Web page where the ManufacturerB virtual directory exists. If
you followed prior instructions, this would be in the Default Web Site virtual
root.
3. Right-click Default Web Site and select Properties.
4. Click the Directory Security tab and click View Certificate.
5. Click the Details tab and click Copy to file.
6. Click Next to bypass the welcome dialog box to the Certificate Export Wizard.
7. Choose Yes, export the private key and click Next.
Attention: Provided with the sample code for this Redbook is a key database
file that the runtime scenarios reference when sending SSL-secured
messages to Manufacturer A, B, and C. Therefore, the database (saved as a
.kdb file) contains the certificates required to connect to ManufacturerA,
ManufacturerB, and ManufacturerC.
If you have implemented the runtime scenarios in this book and followed the
instructions for creating a .NET Web service in this Appendix, you can use that
key database to complete SSL-enablement, effectively nullifying your need to
complete the following steps.
However, if you are implementing this .NET Web service independent of the
runtime scenarios in this book, then these instructions must be followed to
allow clients to access the Web service.
Tip: If your Microsoft .NET Web service receives requests directly from a
Web browser, then these steps are not necessary because the Web browser
will automatically prompt you to accept the certificate directly from the Web
server. However, if this Microsoft .NET Web service is being sent requests
from a Web service client, then the certificates must be imported into a key
database that the client can use, because the user will never be prompted to
accept the certificates on the client's behalf.
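Because a Web service client is never prompted, it helps to confirm, before importing anything into the key database, that the certificate you hold is the one the server actually presents. The sketch below is an added example, not code from this book: it compares thumbprints of a Base64-encoded X.509 certificate or of a live server's certificate with the value shown on the certificate's Details tab. The function names, the sample bytes and the host name in the comment are assumptions made for illustration.

```python
import hashlib
import ssl

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

def normalize_thumbprint(text):
    """Reduce 'AB CD:ef' notation to bare lowercase hex.

    Also drops invisible characters that can ride along when the value is
    copied out of a dialog box.
    """
    return "".join(ch for ch in text.lower() if ch in "0123456789abcdef")

def der_thumbprint(der_bytes, algorithm="sha1"):
    """Hash the DER encoding; the Windows certificate dialog's Thumbprint
    field is a SHA-1 hash of it."""
    return hashlib.new(algorithm, der_bytes).hexdigest()

def pem_thumbprint(pem_text, algorithm="sha1"):
    """Thumbprint of a Base64-encoded X.509 certificate (PEM text)."""
    return der_thumbprint(ssl.PEM_cert_to_DER_cert(pem_text.strip()), algorithm)

def server_thumbprint(host, port=443, algorithm="sha1"):
    """Thumbprint of the certificate the server presents.

    The certificate is fetched without validation: the point is to see what
    is presented, then compare it with a value obtained out of band.
    """
    return pem_thumbprint(ssl.get_server_certificate((host, port)), algorithm)

def same_certificate(observed, expected):
    """True only if both thumbprints are non-empty and identical."""
    a, b = normalize_thumbprint(observed), normalize_thumbprint(expected)
    return bool(a) and a == b

if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    shown_in_dialog = der_thumbprint(SAMPLE_DER).upper()
    print(same_certificate(pem_thumbprint(SAMPLE_PEM), shown_in_dialog))
    # Against a live server (host name is a placeholder):
    # print(same_certificate(server_thumbprint("iis-host.example"), "<thumbprint from Details tab>"))
```

The helpers read Base64-encoded X.509 text only; a file exported in another format has to be converted before it can be compared this way.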