J
jens Jensen
Hello,
I was given the task to build a .Net client that will talk to IBM
integration server via HTTP post.
The idea is that each http packet exchange should be authenticated via X09
"client authentication and not "server authentification"
The code i wrote is quite straight forward. (See listing below)
With server authentication, the server's application will contain a
certificate created specifically for that server. The client application
will contain a list of CA's. When the client application requests an SSL
connection to that server, the server will send its certificate to the PC.
The client application will then check its list of CA's for one that trusts
the server certificate. If it finds one, the SSL server authenticated
connection is established. If not, the SSL connection will fail. Most
SSL-enabled client software (e.g., Express client, Microsoft Internet
Explorer, and Netscape Navigator) is shipped with a built-in list of
well-known CA's such as Verisign and Thawte. Therefore, if a server
certificate was created and purchased from Verisign, most client software
will be able to use the SSL server authentication out-of-the-box without
further SSL configuration.
Client authentication is the second method in which SSL uses the trust
relationship. Client authentication is optional and server applications can
be programmed to choose whether it is necessary to require it. With client
authentication, the client will contain a certificate created specifically
for that client. The server application will contain a list of CA's. When
the client application requests an SSL connection to that server, the server
will send its certificate to the PC and an indication that the PC must send
its client certificate to the server. The client application will then check
its list of CAs for one that trusts the server certificate. If it finds one,
the client will send its certificate to the server. Then, the server
application will check its list of CAs for one that trusts the client
certificate. If it finds one and both sides determine that each other's
certificate is trustworthy, the SSL client-authenticated connection is
established. If not, the SSL connection will fail.
public void Post_Message())
{
X509Certificate2 Certificate = null;
// StoreName.CertificateAuthority
X509Store store = new X509Store(StoreName.AddressBook,
StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
try
{
X509Certificate2Collection collection =
(X509Certificate2Collection)store.Certificates;
X509Certificate2Collection fcollection =
(X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid,
DateTime.Now, false);
if (fcollection.Count == 0)
throw new Exception("Unable to find certificate!");
else
{
Certificate = fcollection[0];
// Certificate.
HttpWebRequest req =
(HttpWebRequest)HttpWebRequest.Create(ConfigurationManager.AppSettings["URI"]);
req.ClientCertificates.Add(Certificate);
// req.Proxy = new
System.Net.WebProxy(ConfigurationManager.AppSettings["ProxyString"], true);
req.ContentType = "application/x-www-form-urlencoded";
req.Method = "POST";
byte[] bytes = System.Text.Encoding.ASCII.GetBytes(message);
req.ContentLength = bytes.Length;
System.Net.WebResponse resp = req.GetResponse();
// if (req == null) return null;
System.IO.StreamReader sr = new
System.IO.StreamReader(resp.GetResponseStream());
// return ;
Save_Irw_Response(Utility.ConvertMessagetoUTF8(sr.ReadToEnd().Trim()));
}
}
catch(Exception except)
{
Console.Write(except.Message);
}
finally
{
store.Close();
}
Well i'm asking for expert advices as the IBM people dont have any
experience with dotnet intereop on this matter and before i lunch my test,
i would like to have experts support weather i'm on the right way or weather
i have gone totally mad
)
many thanks in advance
JJ
I was given the task to build a .Net client that will talk to IBM
integration server via HTTP post.
The idea is that each http packet exchange should be authenticated via X09
"client authentication and not "server authentification"
The code i wrote is quite straight forward. (See listing below)
With server authentication, the server's application will contain a
certificate created specifically for that server. The client application
will contain a list of CA's. When the client application requests an SSL
connection to that server, the server will send its certificate to the PC.
The client application will then check its list of CA's for one that trusts
the server certificate. If it finds one, the SSL server authenticated
connection is established. If not, the SSL connection will fail. Most
SSL-enabled client software (e.g., Express client, Microsoft Internet
Explorer, and Netscape Navigator) is shipped with a built-in list of
well-known CA's such as Verisign and Thawte. Therefore, if a server
certificate was created and purchased from Verisign, most client software
will be able to use the SSL server authentication out-of-the-box without
further SSL configuration.
Client authentication is the second method in which SSL uses the trust
relationship. Client authentication is optional and server applications can
be programmed to choose whether it is necessary to require it. With client
authentication, the client will contain a certificate created specifically
for that client. The server application will contain a list of CA's. When
the client application requests an SSL connection to that server, the server
will send its certificate to the PC and an indication that the PC must send
its client certificate to the server. The client application will then check
its list of CAs for one that trusts the server certificate. If it finds one,
the client will send its certificate to the server. Then, the server
application will check its list of CAs for one that trusts the client
certificate. If it finds one and both sides determine that each other's
certificate is trustworthy, the SSL client-authenticated connection is
established. If not, the SSL connection will fail.
public void Post_Message())
{
X509Certificate2 Certificate = null;
// StoreName.CertificateAuthority
X509Store store = new X509Store(StoreName.AddressBook,
StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
try
{
X509Certificate2Collection collection =
(X509Certificate2Collection)store.Certificates;
X509Certificate2Collection fcollection =
(X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid,
DateTime.Now, false);
if (fcollection.Count == 0)
throw new Exception("Unable to find certificate!");
else
{
Certificate = fcollection[0];
// Certificate.
HttpWebRequest req =
(HttpWebRequest)HttpWebRequest.Create(ConfigurationManager.AppSettings["URI"]);
req.ClientCertificates.Add(Certificate);
// req.Proxy = new
System.Net.WebProxy(ConfigurationManager.AppSettings["ProxyString"], true);
req.ContentType = "application/x-www-form-urlencoded";
req.Method = "POST";
byte[] bytes = System.Text.Encoding.ASCII.GetBytes(message);
req.ContentLength = bytes.Length;
System.Net.WebResponse resp = req.GetResponse();
// if (req == null) return null;
System.IO.StreamReader sr = new
System.IO.StreamReader(resp.GetResponseStream());
// return ;
Save_Irw_Response(Utility.ConvertMessagetoUTF8(sr.ReadToEnd().Trim()));
}
}
catch(Exception except)
{
Console.Write(except.Message);
}
finally
{
store.Close();
}
Well i'm asking for expert advices as the IBM people dont have any
experience with dotnet intereop on this matter and before i lunch my test,
i would like to have experts support weather i'm on the right way or weather
i have gone totally mad
)many thanks in advance
JJ