Consuming Web Services over SSL in .NET

Security is a general concern with web services because SOAP (request and response) messages are exchanged (between web service and client) in a plain text format. Though with WSE 2.0/3.0 and WCF, it is very much possible to encrypt the sensitive information in the message, it is a commonly accepted practice to use SSL (HTTPS) communication.

To implement SSL on your web service, you need to get and install a certificate issued by a Certificate Authority (CA) on your web server (IIS). Mostly this certificate is used only in production environments. When it comes to development and test environments, a self-signed certificate (test certificate) is being used. You can generate a test certificate using MakeCert.exe tool (included in the .NET Framework SDK) or using (IIS) 6.0 Resource Kit Tools.


When you are accessing the web service through your C# code, you should do the same as what you have done in the browser – Trust the certificate!!. But there is no message window for you to accept it when you are accessing it programmatically. So you just need to simulate the message windows and ask it to trust the certificate.

Here is code to simulate the message window.

Add the following code just before invoking a web service method:

= delegate(Object obj, X509Certificate certificate, X509Chain
chain, SslPolicyErrors errors) {
return (true); };

Update the web.config file and setting the security tag’s mode attribute from None to Transport;

<binding name="WSHttpBinding_IWSHttpService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="None" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />

Problem #2

Sometimes even after implementing Solution , you might get the following error:

Server was unable to process request. ---> Unable to generate a temporary
class (result=1).
error CS2001: Source file 'C:\WINDOWS\TEMP\zezde3bz.0.cs' could not be found
error CS2008: No inputs specified

Root Cause of Problem #2

Two different settings can cause this problem:

  1. ASPNET and IUSR users in your system do not have read/write access to ‘C:\WINDOWS\TEMP\.
  2. Your work station is in a different network domain and its WORKGORUP is different. Trust me on this!! In corporate environments where we work in multiple domains (clients and our employers), it is very much possible that you are logging into the system with your employer domain login credentials and your IP address is in your client domain.

Solution to Problem #2

Needless to say, the solution is straight forward:

  1. The permission problem can be caused by an improper .NET Framework installation. You can re-install the framework or you can just add permissions to ASPNET and IUSR users on ‘C:\WINDOWS\TEMP\.
  2. In the second case, what worked for me is either you should use a local login and your work station is not in any workgroup or your workstation is in the same workgroup as that of its network domain.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s