Social Icons

twitter google plus linkedin rss feed

Pages

4.1.12

Configuring Silverlight and Web Services with SSL and Self Signed Certificates

I had a SharePoint server working perfectly or at least as well as it works in HTTP, but suddenly I felt the urge to make it HTTPS. I extended the web application etc., and I was able to access everywhere, but Oh surprise!, my silverlights were not working.

I changed the <security mode="Transport" /> in the ServiceReferences.ClientConfig but I was always getting the infamous:
An error occurred while trying to make a request to URI 'https://MyURL/_vti_bin/Service.asmx'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute.
There were a couple things to fix here.

The first thing is to add a proper self signed certificate to your site.
C:\Program Files\Microsoft SDKs\Windows\v7.1>MakeCert.exe -r -pe -n "CN=MyURL" -sky exchange -ss my
The MyURL is very important. You can’t use any self signed certificate, you should use one that suits the URL of your site.
The certificate is stored in your personal certificates, so to export it you should execute MMC.exe, and there:
File –> Add/Remove Snap-In –> Certificates –> My user account –> Finish –> OK
Then you will be able to see your certificates. The one you just created is going to be at:
Certificates – Current User –> Personal –> Certificates –> MyURL
There you should do:
Right Click –> All Tasks –> Export
And there make sure you export the private key with the certificate. This will give you as a result a .pfx file.

Now we can go to the server we want to make SSL, if we were not there yet, and copy the .pfx file somewhere we are going to remember later.

Then we open the IIS Manager select the Home node and then click in the Server Certificates image.

On the right column you should click Import and then select the .pfx file you just created. After the import you should be able to see the new certificate on the Server Certificates list.

Then we will click on the 443 site collection node (Mine is called SharePoint – 443) there, again in the right column, select Bindings. Select Https (add a new one if you don’t have it) and click edit. On the SSL Certificate drop down list select the new certificate you just uploaded.

Well, we have done de hard part, now everything is easier.

Now we’ll add the crossdomain.xml and the clientaccesspolicy.xml files to both the 80 and the 443 folders. (c:\inetpub\…\443)
The content of this files is:

crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>

clientaccesspolicy.xml
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="http://*"/>
        <domain uri="https://*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>

And now the even easier part. Configuring the browser.
We should navigate to https://MyURL and you will see something like this:
image

There you should continue to that web page (is recommended). And after that you’ll see URL bar turn red. Good.
Click on the Certificate Error button and then in the View certificates link:
image

After that click on:
Install Certificate… –> Next –> image & Next –> Finish –> Yes –> Ok.
Now close the browser and access again to your https://myurl. Now you should see the URL bar in white and the Lock Icon besides:
image

We are doing well. Now we’ll delete the cookies and everything else, why not?:
image

For the finishing touches we will reset the IIS and jump three times on one foot.

Now you should finally be able to connect to your SSL web services and to debug them from the Visual Studio.