Test the BWS accessibility with PowerShell

event_note October 21, 2012

The BWS client certificate can be tested with a simple command line request in Windows Powershell. The commandlet Invoke-WebRequest allows to send a POST request to the web service endpoint via HTTPS. You may need to install the Windows Management Framework 3.0 if you have an older Version of the Windows Power Shell to use Invoke-WebRequest. You can check if the commandlet is already installed with the command get-command Invoke-Webrequest.

Preparation

First install the certificate on your development workstation. You can check if the certificate is installed with following command using the thumbprint of the certificate:

PS C:\>get-childitem Cert:\CurrentUser\My\EC3D92ED490C41C1Y60CF20B0EC3C465313E192F
 
    Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\My
 
 
Thumbprint                                Subject
----------                                -------
EC3D92ED490C41C1Y60CF20E0BC3C465313E192F  CN=BWS Trial Cert, O=BioID GmbH, S=Bavaria, C=DE

Next you have to prepare a SOAP envelope filestatus.xml

to POST to the BioID Web Service. This is a simple ASCII text file with the following content:

status.xml
<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
 <soap:Body>
   <Status xmlns="http://www.bioid.com/2011/12/bws">
        <Status />
  </Status>
</soap:Body>
</soap:Envelope>


Accessing the BioID Web Service

Now you can invoke the SOAP request with the envelope file.

Invoke-WebRequest -Uri https://bws.bioid.com/BioIDWebService.svc `
 -CertificateThumbprint EC3D92ED490C41C1Y60CF20E0BC3C465313E192F `
 -Method Post -ContentType "text/xml" `
 -Headers @{SOAPAction="http://www.bioid.com/2011/12/bws/IBioIDWebService/Status"} `
 -InFile status.xml

If the parameter -OutFile is used (e.g.-OutFile foo.xml) then the output will be saved as a XML file.OutputIf everything worked well you'll get an output similar to

StatusCode        : 200
StatusDescription : OK
Content           : <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><StatusResponse
                    xmlns="http://www.bioid.com/2011/12/bws"><StatusResult>true</StatusResult><status><?xml
                    version="1.0" encodin...
RawContent        : HTTP/1.1 200 OK
                    Content-Length: 917
                    Content-Type: text/xml; charset=utf-8
                    Date: Tue, 13 Nov 2012 09:05:37 GMT
                    Server: Microsoft-IIS/7.5
                    X-Powered-By: ASP.NET

                    <s:Envelope xmlns:s="http://schema...
Forms             : {}
Headers           : {[Content-Length, 917], [Content-Type, text/xml; charset=utf-8], [Date, Tue, 13 Nov 2012 09:05:37
                    GMT], [Server, Microsoft-IIS/7.5]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 917


If the certificate with the thumbprint used in the request is not installed on the local Workstation then the output will be similar to

Invoke-WebRequest : Unable to retrieve certificates because the thumbprint is not valid. Verify the thumbprint and
retry.

The certificate is a valid client certificate but not registered at the BioID Web Service:

Invoke-WebRequest : <s:Envelope
xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring
xml:lang="en-US">Access to the requested service operation has been denied.</faultstring><detail><BioIDWebServiceFault
xmlns="http://schemas.bioid.com/2011/12/bws"
xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><Code>AccessDenied</Code><Message>The client does not have the
necessary claims assigned to access the requested
resources.</Message></BioIDWebServiceFault></detail></s:Fault></s:Body></s:Envelope>

The client certificate is invalid, e.g. expired:

Invoke-WebRequest : Server Error
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.