
Two-way authentication using ssl in dotnet

I have a project where I need to send a data file through a web request. We need to set up two-way authentication, also known as mutual authentication. We are not sure if we need a special cert or not, but we know that it needs to be level 3.

I am having trouble finding sample code for this case. I don't know where to add our cert information. With this code, an "Underlying connection is closed" error is thrown when we try to read the response stream, and ServicePointManager.ServerCertificateValidationCallback is never called. Here is what I have:

    ServicePointManager.ServerCertificateValidationCallback = New Security.RemoteCertificateValidationCallback(AddressOf MyCertValidationCb)
    httpReq = CType(System.Net.HttpWebRequest.Create(url), HttpWebRequest)
    ' Attach each certificate file to the request as a client certificate
    For Each cert As String In certs
        X509cert = X509Certificate2.CreateFromCertFile(cert)
        X509cert2 = New X509Certificate2(X509cert)
        httpReq.ClientCertificates.Add(X509cert2)
    Next
    httpReq.Method = "POST"            ' Post method
    httpReq.ContentType = "text/xml"   ' content type

    ' Wrap the request stream with a text-based writer
    writer = New StreamWriter(httpReq.GetRequestStream())
    ' Write the XML text into the stream
    reader = New StreamReader(filename.Name)
    ret = reader.ReadToEnd()
    reader.Close()
    ' Send the data to the webserver
    writer.WriteLine(ret)
    writer.Close()
    ' Wait for response
    Dim httpRsp As System.Net.HttpWebResponse = CType(httpReq.GetResponse(), HttpWebResponse)
    sr = New StreamReader(httpRsp.GetResponseStream)
    responseText = sr.ReadToEnd

    ' Clean up: writer.Close() above already closed the request stream, and
    ' GetRequestStream() cannot be called again once the request has been sent
    sr.Close()
    If httpRsp IsNot Nothing Then
        httpRsp.Close()
    End If

Any tips or links to blogs with sample code would be great. Thanks.

Nick asked Dec 14 '10 21:12



1 Answer

You don't need a 'special' certificate. Your client needs its own certificate and uses it in the connection to tell the server its identity. That is called a Client Certificate. The server should handle this properly.

The following MSDN article talks about how to set your ClientCertificate: http://msdn.microsoft.com/en-us/library/ms732391.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-2

David R. answered Nov 03 '22 10:11