Error https communication with WebService
I am having a problem communicating with the webService of the eSocial , my certificate is correct, but it still can not establish a secure connection, it presents the following message:
Error making HTTP request to https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc?wsdl. this may be related to the fact that the server certificate is not correctly configured with HTTP.SYS in the HTTPS case. This may also have been caused by a security Association mismatch between the client and the server.
2 answers
Found the solution. Simply add the security protocol to be used.
Import: using System.Net;
And add the code before the request:
// No caso do eSocial é o Tls11
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;
Glaucus, your question is identical to that question of Gabriel Rech:
Problems in communicating with the webService provided by the government
So I will replicate here the same answer I wrote there, for Gabriel, with a few minor changes.
I believe you have not been able to access the service because the URL you are using is incorrect. When do you add the parameter ?wsdl at the end of the service URL, you you are requesting the WSDL of the eSocial service, which is the contract of the service. That is, Would that URL you posted Be the one you would use to add the reference to the service within Visual Studio, and the same URL without the parameter ?wsdl would be the one you would use to access the service in fact.
So to access the service, the URL must be this:
Also, according to the eSocial developer Guidance Manual v1.6. 3, page 83, item '7.9. Digital certification', it is also necessary to install on the machine that will access the service to chain of certificates issued on 06/02/2017 by Serpro, which are 3 certificates that can be obtained at this address:
Https://certificados.serpro.gov.br/serproacf/certificate-chain
According to item 02.03 from the eSocial Portal FAQ page, certificates must be installed in the order that they are arranged on that Serpro page, and:
the Brazilian Root Certificate Authority v5 must be installed in the root AC repository. The SERPRO V4 Certificate Authority and SERPRO Final V5 Certificate Authority must be installed in the intermediate AC repository.
Remembering that it is also necessary to have installed on the computer that will access the web service a valid digital certificate (A1 or A3, e-CNPJ or e-CPF), which must be used to access the service. A tip: When I started testing with eSocial, I spent almost a week banging my head to get the first access, when I finally discovered that in my case (E-CNPJ A1) it was necessary to select the option mark this key as exportable (Mark this key as exportable) and install my certificate in the repository ( store) personnel (Personal ), from current user (current user ).
Regarding the code used to access the service, you must configure the service's binding (I used BasicHttpBinding or BasicHttpsBinding) to use SecurityMode = Transport (for HTTPS) and ClientCredentialType = Certificate (to specify a certificate), something like this:
var urlServicoEnvio = @"https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc";
var address = new EndpointAddress(urlServicoEnvio);
var binding = new BasicHttpsBinding(); //Disponível desde .NET Framework 4.5
// ou:
//var binding = new BasicHttpBinding(BasicHttpsSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var wsClient = new WsEnviar.ServicoEnviarLoteEventosClient(binding, address);
wsClient.ClientCredentials.ClientCertificate.Certificate = x509Cert;
var retornoEnvioXElement = wsClient.EnviarLoteEventos(loteEventosXDoc.Root);
wsClient.Close();
If you do so, there is no need to report the protocol as being TLS 1.1 (I also tried that way at the time that I was not able to access the service and then saw that it was not necessary, but, if I am not mistaken, I had come to the conclusion that the required protocol was TLS 1.2, rather than
As for the Class WsEnviar.ServicoEnviarLoteEventosClient used in the code, it was created by Visual Studio by adding a Service Reference , using a URL similar to the one you tried to use to access the service (with the difference that I used the parameter?singleWsdl instead of ?wsdl):
In VS it is also possible to add a reference to the service directly using the file Wsendloteevents-v1_1_0.wsdl available in the Esocial communication package (latest version 1.4.1), which is on the technical documentation page of the Esocial Portal.
This tool, add service Reference from VS, will create a client class to consume the web service, in the case of example WsEnviar.ServicoEnviarLoteEventosClient, which inherits the class System.ServiceModel.ClientBase .
You can also use the command line tool svcutil.exe , which will similarly create a client class inheriting the System class.ServiceModel.ClientBase . Alternatively you can also use the command line tool wsdl.exe, older, for services from the time of .NET Framework 2, based on ASMX, which will also create a client class, but this time inheriting the class System .Web.Services.Protocols.SoapHttpClientProtocol . But in this case the code to consume the service would be a little different.
Following all these steps, the access to the esocial web service should work.