Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

.NET client connecting to ssl Web API

Tags:

I have a ASP.NET Web API which I'd like to use with ssl. Currently the server is using a self-signed cert, and at this moment both http and https are allowed. I have a very basic test client which works fine for http, but does not work for https. I'd like to know how to modify the client code below so that it will work with https. Currently IE, Firefox, and Chrome can all connect to the Web API using both http and https (with cert warnings), so this makes me believe that I should not have to modify anything on the server, just in the client code. Here's the client code:

static void Main(string[] args) {     try     {         if (args.Length != 1)         {             Console.WriteLine("Please provide a url, and only a url.");             return;         }          var url = new Uri(args[0]);         var urlAuthority = url.GetLeftPart(UriPartial.Authority);         var urlPathQuery = args[0].Substring(urlAuthority.Length);         HttpClient client = new HttpClient();         client.BaseAddress = new Uri(urlAuthority);         HttpResponseMessage response = client.GetAsync(urlPathQuery).Result;         if (response.IsSuccessStatusCode)             Console.WriteLine(response.Content.ReadAsAsync<string>().Result); // expecting scalar results only         else             Console.WriteLine("{0} ({1})", (int)response.StatusCode, response.ReasonPhrase);     }     catch (Exception ex)     {         Exception tempEx = ex;         while (tempEx != null)         {             Console.WriteLine(tempEx.Message);             tempEx = tempEx.InnerException;         }     } } 

When I run the above code with my http url, it works fine. When I change the url to https the following errors are printed:

One or more errors occurred. An error occurred while sending the request. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 

One question I have is if the client must manually send a public key to the server so it knows how to send back an encrypted response, or if this happens automatically behind the scenes? And second, now after seeing the last error I'm wondering if I also have to do something else within the client to ignore cert warnings and just trust that this cert is OK to proceed with?

like image 660
TTT Avatar asked Mar 04 '13 16:03

TTT


People also ask

How do I pass a client certificate to Web API?

Click the site node in the tree view. Double-click the SSL Settings feature in the middle pane. Under Client Certificates, select one of these options: Accept: IIS will accept a certificate from the client, but does not require one.

How do I enable SSL for a .NET project in Visual Studio?

Start Visual Studio 2019 and select Create a new project. In the Create a new project dialog, select ASP.NET Web Application (. NET Framework) > Next. In the Configure your new project dialog, enter SSLSample for Project name.


2 Answers

Take a look at the C# Ignore certificate errors SO question. I believe you can add a certificate validation handler using ServicePointManager to circumvent certificate validation. It would probably be a good idea to use a signed certificate within your production environment though.

ServicePointManager     .ServerCertificateValidationCallback +=      (sender, cert, chain, sslPolicyErrors) => true; 
like image 169
Oppositional Avatar answered Oct 20 '22 21:10

Oppositional


This worked for me. Just add the following before the call to GetAsync.

ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; 

This will ignore the SSL errors. This is only recommended in an intranet environment or other closed network where server identities can't be forged.

like image 45
Rick Arthur Avatar answered Oct 20 '22 20:10

Rick Arthur