469,575 Members | 1,327 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,575 developers. It's quick & easy.

Problem establishing SSL connection in code-behind

Sorry for the cross-post. I do have this posted in the aspnet security
group. I notice there are a lot of "persecution" spams over there and
I am afraid my post will be innundated. So, here it is.

In my web application, I need to establish an SSL connection to a
remote web site and authenticate a user using Integrated Windows
Authentication.

The remote website only allows this authentication method, and it has
only one web page: index.html, which simply says: hola, amigo.

Please note that I can check out that remote website in IE through
HTTPS connection without a problem.

I put together the following code after I did some google search. I
know it scares people away at the sight of a lengthy pasted code. But
the idea is really simple: Simply accept all certificates. That's why
ServerCertificateValidationCallback in my code always return true.

I thought that this logic is correct, but when I debug it, the VS2005
shows that the Exception message (ex.Message) says:

The remote server returned an error: (401) Unauthorized

The really simple and easy-to-read code is as follows. Please share a
little wisdom of yours. Thanks.

using System;
using System.Data;
using System.Data.SqlClient;
using System.DirectoryServices;
using System.Configuration;
using System.Collections;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using System.IO;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
// Do nothing.
}

protected void btnLogin_Click(object s, EventArgs e)
{
string userName = txtUserName.Text.Trim().ToLower();
string password = txtPassword.Text.Trim().ToLower();
string domain = "mydomain.com";
NetworkCredential userCredential = new
NetworkCredential(userName, password, domain);
string myUri = "https://somehost:8443/index.html"
bool isAuthenticated = GetSecureSocketStream(myUri,
userCredential);

if (isAuthenticated)
{
lblMessage.Text = "You are authenticated.";
return;
}
else
{
lblMessage.Text = "Authentication failed. Please try
again.";
return;
}
}

protected bool GetSecureSocketStream(string uri,
NetworkCredential userCredential)
{
ServicePointManager.ServerCertificateValidationCal lback +=
delegate
(object s, X509Certificate cert, X509Chain chain,
System.Net.Security.SslPolicyErrors errors)
{ return true; };
HttpWebRequest myRequest = null;
HttpWebResponse myResponse = null;
Stream answer = null;
StreamReader streamReader = null;
bool isAuthenticated = false;
string remoteMessage = "";

try
{
myRequest = (HttpWebRequest)WebRequest.Create(uri);
myRequest.Method = "GET";
string postData = "";
myRequest.ContentLength = postData.Length;
myRequest.Credentials = userCredential;
myResponse = (HttpWebResponse)myRequest.GetResponse();
answer = myResponse.GetResponseStream();
streamReader = new StreamReader(answer);
remoteMessage = streamReader.ReadToEnd();

if (remoteMessage.ToLower().Contains("hola, amigo."))
{
isAuthenticated = true;
}
}
catch(Exception ex)
{
Trace.Write(ex.Message);
isAuthenticated = false;
}

return isAuthenticated;
}
}
Jan 2 '08 #1
0 955

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Dave | last post: by
2 posts views Thread by John | last post: by
1 post views Thread by Chris Love | last post: by
1 post views Thread by vgonepudi | last post: by
reply views Thread by Rafa | last post: by
1 post views Thread by Vikram S | last post: by
4 posts views Thread by guiromero | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.