Wednesday, April 3, 2013

OData: attach a client certificate through Fiddler when connecting to an OData service

At a customer, we had to use a 3th party OData service. Using OData feeds in .NET is simple, but this one was a little bit harder to use because it was secured using a client certificate.

We first wanted to browse through the OData feed using LinqPad but we couldn’t find a way to configure LinqPad to add the certificate to each request.

Use Fiddler to include a client certificate with each request

We decided to follow a different route and use Fiddler to include the certificate for us. Fiddler is a web debugging proxy that can intercept all the HTTP traffic we are doing on our system.

Here are the steps you need to take:

  • Get the client certificate.
  • If you have a .pfx file including the private key, extract it and install the certificate in your personal certificate store.
  • Download and install Fiddler in case you didn’t have it.
  • Start Fiddler.
  • Go to Tools –> Fiddler Options
  • Go to the HTTPS Tab and check the checkbox next to Decrypt HTTPS traffic.
  • Fiddler will ask you to install a new root certificate, click Yes if asked for confirmation. (Installing this certificate implies a security risk, so remove it after you’re done)
  • Go to the C:\Users\{UserName}\Documents\Fiddler2 folder.
  • Copy the client certificate to this folder and rename it to ClientCertificate.cer
  • That’s it.

If you now try to connect to your OData service, Fiddler will capture the traffic, attach the client certificate and forward the request to the service.

No comments: