Certificate authentication on secure channel

[ChillyGonzales]

Hello,

I am running authentication tests using the .NET demo server and the Getting started client available in the Unified Automation package.
With the client I can successfully:
- Authenticate on a secure channel (signed messages) with username and password (credentials of the demo server)
- Authentication on unsecure channel with a certificate that has been previously added to the server trust list.

However I am not able to authenticate with a certificate and with security turned on at the same time. I only use a .pfx file and not the certificate store.

I always get the "Key not valid for use in specified state" error (see below).



Am I missing something or is this a feature not supported by the demo server ?

Thank you,

--
Sergueï

[Support Team]

Hello,

There is bug in the example code.
Please replace the lines

Code: Select all

fs = System.IO.File.OpenRead(X509_Certificate.Text);
byte[] bytes = new byte[fs.Length];
fs.Read(bytes, 0, Convert.ToInt32(fs.Length));

// Add the certificate to the user identity.
m_session.UserIdentity.Certificate = SecurityUtils.LoadCertificate(bytes);

// Set the UserIdentityType.
m_session.UserIdentity.IdentityType = UserIdentityType.Certificate;

by

Code: Select all

// Add the certificate to the user identity.
m_session.UserIdentity.Certificate = Certificate.LoadPrivateKey(X509_Certificate.Text, null);

// Set the UserIdentityType.
m_session.UserIdentity.IdentityType = UserIdentityType.Certificate;

[ChillyGonzales]

Works perfectly.
Thank you !

[Poledog]

I tried the solution above but I cannot get it to work.
Get error "The current endpoint does not support the specified user identity token."

Certificate authentication on secure channel is really puzzling me.