Test the BWS accessibility with PowerShell
The BWS client certificate can be tested with a simple command line request in Windows Powershell. The commandlet Invoke-WebRequest allows to send a POST request to the web service endpoint via HTTPS. You may need to install the Windows Management Framework 3.0 if you have an older Version of the Windows Power Shell to use Invoke-WebRequest. You can check if the commandlet is already installed with the command get-command Invoke-Webrequest.
Preparation
First install the certificate on your development workstation. You can check if the certificate is installed with following command using the thumbprint of the certificate:
PS C:\>get-childitem Cert:\CurrentUser\My\EC3D92ED490C41C1Y60CF20B0EC3C465313E192F Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\My Thumbprint Subject ---------- ------- EC3D92ED490C41C1Y60CF20E0BC3C465313E192F CN=BWS Trial Cert, O=BioID GmbH, S=Bavaria, C=DE
Next you have to prepare a SOAP envelope filestatus.xml
to POST to the BioID Web Service. This is a simple ASCII text file with the following content:
<?xml version="1.0" encoding="utf-8" ?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Body> <Status xmlns="http://www.bioid.com/2011/12/bws"> <Status /> </Status> </soap:Body> </soap:Envelope>
Accessing the BioID Web Service
Now you can invoke the SOAP request with the envelope file.
Invoke-WebRequest -Uri https://bws.bioid.com/BioIDWebService.svc ` -CertificateThumbprint EC3D92ED490C41C1Y60CF20E0BC3C465313E192F ` -Method Post -ContentType "text/xml" ` -Headers @{SOAPAction="http://www.bioid.com/2011/12/bws/IBioIDWebService/Status"} ` -InFile status.xml
If the parameter -OutFile is used (e.g.-OutFile foo.xml) then the output will be saved as a XML file.OutputIf everything worked well you'll get an output similar to
StatusCode : 200 StatusDescription : OK Content : <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><StatusResponse xmlns="http://www.bioid.com/2011/12/bws"><StatusResult>true</StatusResult><status><?xml version="1.0" encodin... RawContent : HTTP/1.1 200 OK Content-Length: 917 Content-Type: text/xml; charset=utf-8 Date: Tue, 13 Nov 2012 09:05:37 GMT Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET <s:Envelope xmlns:s="http://schema... Forms : {} Headers : {[Content-Length, 917], [Content-Type, text/xml; charset=utf-8], [Date, Tue, 13 Nov 2012 09:05:37 GMT], [Server, Microsoft-IIS/7.5]...} Images : {} InputFields : {} Links : {} ParsedHtml : mshtml.HTMLDocumentClass RawContentLength : 917
If the certificate with the thumbprint used in the request is not installed on the local Workstation then the output will be similar to
Invoke-WebRequest : Unable to retrieve certificates because the thumbprint is not valid. Verify the thumbprint and retry.
The certificate is a valid client certificate but not registered at the BioID Web Service:
Invoke-WebRequest : <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring xml:lang="en-US">Access to the requested service operation has been denied.</faultstring><detail><BioIDWebServiceFault xmlns="http://schemas.bioid.com/2011/12/bws" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><Code>AccessDenied</Code><Message>The client does not have the necessary claims assigned to access the requested resources.</Message></BioIDWebServiceFault></detail></s:Fault></s:Body></s:Envelope>
The client certificate is invalid, e.g. expired:
Invoke-WebRequest : Server Error 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.