PHPFixing
  • Privacy Policy
  • TOS
  • Ask Question
  • Contact Us
  • Home
  • PHP
  • Programming
  • SQL Injection
  • Web3.0

Tuesday, November 22, 2022

[FIXED] How to perform SOAP API client call via X509Certificate2 with 2-way mutual authentication in C#

 November 22, 2022     api, c#, soap     No comments   

Issue

I've been handed a project that involves creating a SOAP API call to Lufthansa's myIdTravel API. (Including the Lufthansa company name here in case anyone with specific experience with the Lufthansa API can jump in. All the API information is public knowledge, and I have obfuscated any private info, like "password".)

While I have plenty of ReST API experience using OAuth2, I have no SOAP experience at all, and I am finding the experience quite frustrating.

I was provided, by Lufthansa, a client.pfx file, and the following example SOAP XML body:

<soapenv:Envelope   xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
                    xmlns:ser="http://service.login.myidtravel.com" 
                    xmlns:bos="http://bos.login.myidtravel.com" 
                    xmlns:ser1="http://service.wsgateway-v2.myidtravel.lhsystems.com">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:StaffProfilesUploadRequest ac="YY">
         <ser:updateRecord>
            <ser:employee ptc="ZEA" lastname="Test" firstname="emp" middlename="midd" salutation="MR" title="Dr." gender="M" laborGroup="pilot" dob="1990-01-01">
               <bos:employment eID="uploadTest" doj="2000-01-01" />
               <bos:accounting costCenter="123" />
               <bos:contact emailAddress="abc@myidtravel.com" phone1="1234" phone2="23456" mobileNumber="545454"/>
               <bos:entitled-person ptc="ZSP" lastname="test" firstname="entit" middlename="spouse" salutation="MR" dob="1995-01-01" externalPersonID="2" />
               <bos:employment-status startDate="2000-01-01" status="retired"/>
         </ser:employee>
         </ser:updateRecord>
      </ser:StaffProfilesUploadRequest>
   </soapenv:Body>
</soapenv:Envelope>

Through trial and error, I have come up with the following C# code, that is at least contacting the API, but is returning a "500 internal server error". It is also using XML tailored to my specific needs.

HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://integration.myidtravel.com/services/Gateway_V2");

request.Method = "POST";
request.ContentType = "text/xml;charset=\"utf-8\"";
request.Accept = "text/xml, application/xhtml+xml, */*";

var cert = new X509Certificate2(@"C:\client.pfx", "password");

request.ClientCertificates.Add(cert);

XmlDocument xml = new XmlDocument();

xml.LoadXml(
    @"<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:ser='http://service.login.myidtravel.com' xmlns:bos='http://bos.login.myidtravel.com'>
        <soapenv:Header>
        </soapenv:Header>
        <soapenv:Body>
            <ser:StaffProfilesUploadRequest ac='XX'>
                <ser:updateRecord>
                    <ser:employee ptc='ZEA' lastname='Wallace' firstname='Kirby' middlename='L.' dob='1999-01-01'>
                        <bos:employment eID='123456'/>
                    </ser:employee>
                </ser:updateRecord>
            </ser:StaffProfilesUploadRequest>
        </soapenv:Body>
    </soapenv:Envelope>"
);

using (Stream stream = request.GetRequestStream()) {
    xml.Save(stream);
}

using (StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream())) { // <--- ERROR HERE
    string response = reader.ReadToEnd();
}

By the time the error is thrown on request.GetReponse(), the cert is loaded and appears to be a valid X509 cert. cert.Thumbprint, cert.PrivateKey, cert.PublicKey, cert.NotBefore, and cert.NotAfter (and all other properties) seem to have valid values in them.

But the API is returning 500 Internal Server Error upon .GetResponse().

What steps am I missing, or what else do I need to do?


Solution

In case my unusual situation helps anyone else, let me explain what caused this. I do not know the steps needed to fix it, but I do know what caused it and worked around it.

By looking at the response headers and certificates provided by SoapUI, I discovered that my company is doing something on the network that stripped off my SSL certificate, and substituted an SSL cert of their own. So, my request was arriving at the remote API minus the SSL it was supposed to provide for the Mutual Authentication handshake.

Hope that helps someone else in the future. Especially if you are working behind a company firewall.



Answered By - KWallace
Answer Checked By - Senaida (PHPFixing Volunteer)
  • Share This:  
  •  Facebook
  •  Twitter
  •  Stumble
  •  Digg
Newer Post Older Post Home

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...

Subscribe To

Posts
Atom
Posts
Comments
Atom
Comments

Copyright © PHPFixing