HttpWebRequest and client certs?

EMonaco

Is there any way to programmaticall y select a particular client certificate
and associate it with an HttpWebRequest instance? I know using WinINet this
was possible.
Erin.

Nov 15 '05 #1

Subscribe Reply

12933

Trebek

Erin,

Sure.

System.Security .Cryptography.X 509Certificates .X509Certificat e cert =

System.Security .Cryptography.X 509Certificates .X509Certificat e.CreateFromCer t
File(@certPath) ;
ServicePointMan ager.Certificat ePolicy = new CertPolicy();
HttpWebRequest tuReq = (HttpWebRequest )WebRequest.Cre ate(addr + "?" + TU);
tuReq.ClientCer tificates.Add(c ert);

tuReq.ContentTy pe = "applicatio n/x-www-form-urlencoded";

tuReq.Method = "GET";

Make sure you have a class (either your class or another) that implements
ICertificatePol icy or your app will hang because of the untrusted cert
issue.

EX:

class CertPolicy: ICertificatePol icy

{

public bool CheckValidation Result(ServiceP oint srvPoint, X509Certificate
certificate,

WebRequest request, int certificateProb lem)

{

return true;

}

}

Alex

"EMonaco" <er********@nos pam.net> wrote in message
news:Oo******** ******@tk2msftn gp13.phx.gbl...

Is there any way to programmaticall y select a particular client certificate and associate it with an HttpWebRequest instance? I know using WinINet this was possible.
Erin.

Nov 15 '05 #2

EMonaco

Trebek,

Thanks, was able to dig up an ASP.NET example code and came up with

httpreq = (HttpWebRequest ) HttpWebRequest. Create(this.tbU RL.Text);

httpreq.Method = sMethod;
// Has a client certificate file been given?

if(this.tbCERTP ATH.Text.Length >0)

{

try

{

httpreq.ClientC ertificates.Add (System.Securit y.Cryptography. X509Certificate s
..X509Certifica te.CreateFromCe rtFile(this.tbC ERTPATH.Text));

}

catch(System.Ex ception pe)

{

System.Diagnost ics.Debug.Write Line(pe.ToStrin g());

}

}

I assume I need an implemented ICertificatePol icy if the server certificate
is not trusted on the given client?

Erin.

"Trebek" <tr****@inthefo rmofaquestion.c om> wrote in message
news:3f******** *************** @nnrp.fuse.net. ..

Erin,

Sure.

System.Security .Cryptography.X 509Certificates .X509Certificat e cert =

System.Security .Cryptography.X 509Certificates .X509Certificat e.CreateFromCer t File(@certPath) ;
ServicePointMan ager.Certificat ePolicy = new CertPolicy();
HttpWebRequest tuReq = (HttpWebRequest )WebRequest.Cre ate(addr + "?" + TU);
tuReq.ClientCer tificates.Add(c ert);

tuReq.ContentTy pe = "applicatio n/x-www-form-urlencoded";

tuReq.Method = "GET";

Make sure you have a class (either your class or another) that implements
ICertificatePol icy or your app will hang because of the untrusted cert
issue.

EX:

class CertPolicy: ICertificatePol icy

{

public bool CheckValidation Result(ServiceP oint srvPoint, X509Certificate
certificate,

WebRequest request, int certificateProb lem)

{

return true;

}

}

Alex

"EMonaco" <er********@nos pam.net> wrote in message
news:Oo******** ******@tk2msftn gp13.phx.gbl...
Is there any way to programmaticall y select a particular client

certificate
and associate it with an HttpWebRequest instance? I know using WinINet

this
was possible.
Erin.

Nov 15 '05 #3

Trebek

Yes, even if the client IS trusted, I suggest doing it because the in the
early releases (Beta and maybe 1.0 - can't remember), this was buggy and
never really worked as intended.

Alex

"EMonaco" <er********@nos pam.net> wrote in message
news:%2******** *******@TK2MSFT NGP10.phx.gbl.. .

Trebek,

Thanks, was able to dig up an ASP.NET example code and came up with

httpreq = (HttpWebRequest ) HttpWebRequest. Create(this.tbU RL.Text);

httpreq.Method = sMethod;
// Has a client certificate file been given?

if(this.tbCERTP ATH.Text.Length >0)

{

try

{

httpreq.ClientC ertificates.Add (System.Securit y.Cryptography. X509Certificate s .X509Certificat e.CreateFromCer tFile(this.tbCE RTPATH.Text));

}

catch(System.Ex ception pe)

{

System.Diagnost ics.Debug.Write Line(pe.ToStrin g());

}

}

I assume I need an implemented ICertificatePol icy if the server certificate is not trusted on the given client?

Erin.

"Trebek" <tr****@inthefo rmofaquestion.c om> wrote in message
news:3f******** *************** @nnrp.fuse.net. ..
Erin,

Sure.

System.Security .Cryptography.X 509Certificates .X509Certificat e cert =

System.Security .Cryptography.X 509Certificates .X509Certificat e.CreateFromCer t

File(@certPath) ;
ServicePointMan ager.Certificat ePolicy = new CertPolicy();
HttpWebRequest tuReq = (HttpWebRequest )WebRequest.Cre ate(addr + "?" + TU);

tuReq.ClientCer tificates.Add(c ert);

tuReq.ContentTy pe = "applicatio n/x-www-form-urlencoded";

tuReq.Method = "GET";

Make sure you have a class (either your class or another) that implements ICertificatePol icy or your app will hang because of the untrusted cert
issue.

EX:

class CertPolicy: ICertificatePol icy

{

public bool CheckValidation Result(ServiceP oint srvPoint, X509Certificate
certificate,

WebRequest request, int certificateProb lem)

{

return true;

}

}

Alex

"EMonaco" <er********@nos pam.net> wrote in message
news:Oo******** ******@tk2msftn gp13.phx.gbl...
Is there any way to programmaticall y select a particular client

certificate
and associate it with an HttpWebRequest instance? I know using WinINet

this
was possible.
Erin.

Nov 15 '05 #4

Similar topics

1837

[slightly OT] PHP/SSL - client certs how to distribute ?

by: Richard Shea | last post by:

Hi - Hoped someone who's done this could provide some pointers. I'm interested in developing a script which would make use of openssl_x509_read to read a certificate presented in the HTTP headers when accessing an SSL page. But here's the question ... what are ways of distributing certificates to the clients ? Imagine I have 3 customers in total but when foo.php is requested I only want 2 of them to see a full response. I could go...

PHP

11063

Slow HttpWebRequest using https

by: Soeren S. Joergensen | last post by:

Hi, From a win-service I do a HttpWebRequest to a secure url with some parameters to get some simple data from a remote system used later on in a worker thread. When making the request from my code it takes about 10-12 secs to complete, but doing same request in my browser takes less than 1 sec. Can anyone explain this delay from within my code ??

C# / C Sharp

2816

ASPNET To Web Service using SSL w/Client Certs

by: Tim Burris | last post by:

At the top here i will put a quick description of my problem followed by the long description. This way you want get bored reading! : short version what is the best/recommended way for ASPNET apps to call web services that REQUIRE Client Certificates via SSL long version our company has new requirements, all servers must REQUIRE SSL and Server/client certificates i have setup a test Win2003 server to issue certs so i have a full test...

ASP.NET

11048

HttpWebRequest & HttpWebResponse Cookies

by: Cheung, Jeffrey Jing-Yen | last post by:

I have a windows form application that generates a request, downloads an image, and waits the user to enter in login info. Unfortunately, this image is dynamic and based on session data. I have read documents on the CookieCollection property of HttpWebRequest. Currently, I have the functionality in my code to be able to accept cookies, and return them upon a new HttpWebRequest; however, upon further inspection of the returning...

Visual Basic .NET

4916

HTTP Post and HttpWebRequest object

by: JansenH | last post by:

We have implemented a 'HTTP Post' client in C# that posts Xml documents to a webserver. This is working fine if the post rate is one post for every 20 seconds. But if the post rate is increased to one post for every 10 seconds the client start getting error 403 'forbidden' from the webserver after a short period of time. The webserver is IIS. The choking of the client/server communication when doing high frequency posting is due to that we...

ASP.NET

1098

Client Certificate Selection

by: lnap | last post by:

Hey everybody, I've got what I hope to be a simple question. I'm currently working on a project that uses IIS to request a Client Cert (X509) from a CAC/Smart Card. However, we want to get away from IIS mandating this requirement and have ASP.NET (C#) request this cert from the client. Is there anyway in .NET to force the Client Cert request dialog as IIS would do it? Or even automatically select a client cert from the supplied certs? (The...

.NET Framework

3871

XML-RPC SSL and client side certs?

by: Eli Criffield | last post by:

Does anyone have an example setup of a XML-RPC sever using client side certs for authentication? And instead of having a list of certs allowed to connect, I'd like to allow any cert signed by my CA. It doesn't seem like it would be to hard to do and I'll probably spend some time setting it up here soon, but would be interested if anyone else has already written a solution like this or has used one (in python of course).

Python

5910

C# DLL - Used in VB Project - Certificate Store gathering certs for use in httpwebrequest

by: Joe | last post by:

Hello, I'm currently using a C# class library which is also converted quickly to a console app by adding a MAIN and adjusting the building configuration. I'm using this page as a reference to the code. http://support.microsoft.com/kb/895971 . I am using the CryptoAPI calls instead of a *.cer file. The only reason i'm using this method instead is because now a large project of mine no longer will work properly when using an exported...

ASP.NET

3479

.Net 2.0 issue with HttpWebRequest/Proxy breaking WebService

by: =?Utf-8?B?TGFycnlLdXBlcm1hbg==?= | last post by:

Our WebDev team seems to have found a problem that exposes a bug in .NET 2.0. This problem can be shown when trying to access a WebService using SSL and through a proxy server after using the HttpWebRequest object. Under normal circumstances I am able to use the webservice without any problems. But after using an HttpWebRequest object to make a call to a website all subsequent attempts to use the WebService will fail with a 401...

ASP.NET

8604

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

9157

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8895

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8861

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

6518

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5860

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4619

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3046

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2330

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP