We've recently been looking into helping our customers implement two factor authentication with client certificates.
This was going very well, until writing the help to consume our ASP.NET soap web services with a client certificate.
Here's the problem... It seems that the New-WebServiceProxy cmdlet does not support passing client certificates when it generates the compiled WSDL.
The following error is returned
This limitation is confusing because the following command would help, however the cmdlet requires that a connection is immediately made, which is then too late to add the certificate
This is somewhat annoying given that the Invoke-WebRequest cmdlet does have client cetificate functionality built in
Workaround
The only workaround we've managed to find is to save the WSDL from the web service in a web browser and manually add the certificate
This was going very well, until writing the help to consume our ASP.NET soap web services with a client certificate.
Here's the problem... It seems that the New-WebServiceProxy cmdlet does not support passing client certificates when it generates the compiled WSDL.
$uri="https://centrel-ws02/xiaconfiguration/webservice/xiaconfiguration.asmx"
$proxy=New-WebServiceProxy$uri-UseDefaultCredential
The following error is returned
New-WebServiceProxy : The request failed with HTTP status 403: Forbidden.
This limitation is confusing because the following command would help, however the cmdlet requires that a connection is immediately made, which is then too late to add the certificate
$proxy.ClientCertificates.Add($certificate)
This is somewhat annoying given that the Invoke-WebRequest cmdlet does have client cetificate functionality built in
$reqest=Invoke-WebRequest-Uri$uri-UseDefaultCredentials-CertificateThumbprint"FD68506860158BA2B878E0322094E5A6092EDDE6"
Workaround
The only workaround we've managed to find is to save the WSDL from the web service in a web browser and manually add the certificate
$proxy=New-WebServiceProxy"file://c:\temp\my.wsdl"
$certificate=Get-ChildItemCert:\CurrentUser\My\FD68506860158BA2B878E0322094E5A6092EDDE6
$proxy.ClientCertificates.Add($certificate)
Write-Host$proxy.SomeMethod()