https communication error with Webservice

Asked

Viewed 3,518 times

0

I have a problem communicating with webservice of eSocial, my certificate is correct, however, still can not establish a secure connection, displays the following message:

Error making HTTP request to https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc?wsdl. This may be related to the fact that the server certificate is not properly configured with HTTP.SYS in the HTTPS case. This may also have been caused by an incompatibility of the security association between the client and the server.

c# esocial

2 answers

3

I found the solution. Just add the security protocol to be used.

Import: using System.Net;

And add code before request:

// No caso do eSocial é o Tls11
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;

0

Glauco, your question is identical to Gabriel Rech’s question:

Communication problems with the government-provided web service

So I’m going to replicate here the same answer that I wrote there to Gabriel with a few minor changes.

I believe you were unable to access the service because the URL you are using is incorrect. When you add the parameter ?wsdl at the end of the service URL, you are requesting the WSDL of the eSocial service, which is the contract service. That is, this URL you posted would be the one you would use to add the reference to the service within Visual Studio, and the same URL without the parameter ?wsdl would be the one you would use to access the actual service.

So, to access the service, the URL must be this:

https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc

In addition, according to eSocial Developer Guidance Manual v1.6.3, page 83, item '7.9. Digital certification', it is also necessary to install on the machine that will access the service to Chain of Certificates issued on 02/06/2017 by Serpro, which are 3 certificates that can be obtained at this address:

https://certificados.serpro.gov.br/serproacf/certificate-chain

According to item 02.03 from the eSocial Portal FAQ page, the certificates must be installed in the order they are displayed on this Serpro page, and:
The Brazilian Root Certification Authority v5 must be installed in the root AC repository. The SERPRO v4 Certification Authority and SERPRO Final v5 Certification Authority shall be installed in the intermediate AC repository.

Remembering that it is also necessary to have installed on the computer that will access the web service a valid digital certificate (A1 or A3, e-CNPJ or e-CPF), which must be used to access the service. A tip: When I started tests with eSocial, I spent almost a week banging my head to get the first access, when I finally discovered that in my case (e-CNPJ A1), it was necessary to select the option Mark this key as exportable (Mark this key as Exportable) and install my certificate in the repository (store) Personal (Personal), of Current User (Current User).

Regarding the code used to access the service, you must configure the Binding service (I used BasicHttpBinding or BasicHttpsBinding) to use Securitymode = Transport (for the HTTPS) and Clientcredentialtype = Certificate (to specify a certificate), more or less so:

 var urlServicoEnvio = @"https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc";
 var address = new EndpointAddress(urlServicoEnvio);
 var binding = new BasicHttpsBinding();  //Disponível desde .NET Framework 4.5
 // ou:
 //var binding = new BasicHttpBinding(BasicHttpsSecurityMode.Transport);
 binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

 var wsClient = new WsEnviar.ServicoEnviarLoteEventosClient(binding, address);
 wsClient.ClientCredentials.ClientCertificate.Certificate = x509Cert;

 var retornoEnvioXElement = wsClient.EnviarLoteEventos(loteEventosXDoc.Root);
 wsClient.Close();

If you do so, there is no need to inform the protocol as TLS 1.1 (I also tried this way at the time that I was unable to access the service and then saw that it was not necessary, but, if I’m not mistaken, I had come to the conclusion that the necessary protocol was TLS 1.2, rather than TLS 1.1).

As for class WsEnviar.ServicoEnviarLoteEventosClient used in the code, it was created by Visual Studio when adding a Service Reference, using a URL similar to the one you tried to use to access the service (with the difference that I used the parameter ?singleWsdl instead of ?wsdl):

https://webservices.producaorestrita.esocial.gov.br/servicos/empregador/enviarloteeventos/WsEnviarLoteEventos.svc?singleWsdl

In VS it is also possible to add a reference to the service directly using the file Wsenviar loteeventos-v1_1_0.wsdl made available on eSocial Communication Package (latest version 1.4.1), which can be found on the eSocial Portal technical documentation page.

That tool, Add Service Reference of VS, will create a client class to consume the web service, in the case of the example WsEnviar.ServicoEnviarLoteEventosClient, who inherits the class System.ServiceModel.Clientbase.

It is also possible to use the command line tool svcutil.exe, which, likewise, will create a client class inheriting the class System.ServiceModel.Clientbase. Alternatively it is also possible to use the command line tool wsdl.exe, older, for services from the time of . NET Framework 2, based on ASMX, which will also create a client class, but this time inheriting the class System.Web.Services.Protocols.Soaphttpclientprotocol. But in that case the code to consume the service would be a little different.

Following all these steps, accessing the eSocial web service should work.

  • This does not answer the question. When you have reputation enough, you’ll be able to leave comments on any post but until then, write only answer that no depend on more information of who asked. - Of Revision

  • Leandro, have you already accessed the eSocial web service? What would answer the question then? Because, if the question is saying that there is an error when accessing the web service, and the URL being used is wrong, if I point to the correct URL, so that the connection to the web service works, I can’t see where my message does not answer the question! And another moderator, Math, directed me to put a link to this other similar question, which I had already answered. What I can is doing so wrong, that everyone is negative my answers here at Stackoverflow?

  • @Pedrogasparlobofx, the question is not to present the relevant content in the body of the answer, if the content is arranged in an external link, as in your answer to the other question. This makes the answer "fragile", because there is no guarantee that this content will be available in the future or that it contains the same information present today. And "There is already a question..." is not an answer but a possible duplicate signaling.

  • Yes, but first that answer wasn’t a link to another answer, I had replicated exactly the same text of the other answer here, which in my view was a possible answer to the original question, and could help other people with the same problem, but, I was negative, and the moderator Math, in that other similar post, said that I had already given an identical answer here and suggested that I put a duplicate link.... That’s what I did, and now you’re telling me that I shouldn’t do this.

  • I closed the other one as a duplicate

  • I gave +1 the answer because I believe it is better formulated now. In the old post, you inserted a comment, not a reply. This made the response with a very low quality. Unfortunately you acquired some negativities in that time. But this answer, as it stands, is of great importance to the OS.

  • 1

    Thank you for the "ear tugs" of yesterday, to all of you, I think you have contributed to me spending time and writing much better answers, in fact!

Show 2 more comments

Browser other questions tagged c# esocial

You are not signed in. Login or sign up in order to post.