Please Help with HttpWebRequest problem

[TJO]

I cannot post login user name and password data to an SSL web form without
the following error.
"The underlying connection was closed: Could not establish secure channel
for SSL/TLS."

I have looked hi and low for the reason why but each time i try something
different i get the same error. It also appears that this problem has been
posted numerous time without a complete answer. MS PLEASE HELP HERE.

I don't know if this is correct but I have created mycert.cer by going into
the Certification Manager MMC and exporting the cert from this particular
site. (Specific help in creating the cer file would be greatly appreciated
also. )


postData = "uid=myuserid&currpassword=mypassword";

objRequest2 =
(HttpWebRequest)System.Net.HttpWebRequest.Create(cmbo_uri.Text);
objRequest2.Method = "POST";
objRequest2.AllowAutoRedirect = true;
objRequest2.ContentLength = postData.Length;
objRequest2.ContentType = "application/x-www-form-urlencoded";
objRequest2.Timeout = 100000;
objRequest2.CookieContainer = new CookieContainer();
objRequest2.AllowWriteStreamBuffering = true;

ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();

X509Certificate x509 = X509Certificate.CreateFromCertFile
(@"C:\mycert.cer");

objRequest2.ClientCertificates.Add(x509);

try
{
myWriter = new StreamWriter(objRequest2.GetRequestStream());
myWriter.Write(postData);
txt_header.Text = "Sent Request Stream\n " + postData;

}
catch (Exception e2)
{
txt_errormsg.Text = "Error Writing Request: " + e2.Message + "\n" +
e2.ToString();
}
finally
{
if(myWriter != null)
myWriter.Close();
}

try
{
objResponse2 = (HttpWebResponse)objRequest2.GetResponse();


StreamReader sr = new StreamReader(objResponse2.GetResponseStream());

result = sr.ReadToEnd();

// Close and clean up the StreamReader
sr.Close();


txt_header.Text = objResponse2.Headers.ToString();
txt_response.Text = result;
}
catch (Exception re)
{
txt_errormsg.Text = "Error Getting Response: " + "\n" + re.ToString();
}

}


sealed class AcceptAllCertificatePolicy : ICertificatePolicy
{
public bool CheckValidationResult(ServicePoint srvPoint,
X509Certificate certificate, WebRequest request,
int certificateProblem)
{
// Just accept.
return true;
}

}

 

[George Zacharias]

I've done some research/troubleshooting on this issue. Firstly, is this an
SSL connection using two-way client certificates? Otherwise you don't really
need the .cer file - just doing an https request will do the
trick. Otherwise, you have to export the X509 certificate and use that file.
Also you have to ensure that a proper certificate is *imported* and
installed in the certificate store. If the certificate in the certificate
store is incomplete (it allows you to import a cert without a private key
and it'll even show up in the "Personal" cert store, but it cannot decrypt
the information coming back so it fails.

Assuming that it's an SSL connection using client certificates:
You also have to ensure that the aspnet process has access to the
certificate store. This is a big issue - to have access to the certificate
store, the process needs higher privileges and it really is not advisable to
give higher privileges to the ASPNET process. A possible solution is to have
a COM+ (serviced component in .NET slang) to act as an intermediary between
the asp page and whatever is called (another page or web service). See this
article - this might help.
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT13.asp

I haven't really tried your approach (HTTP request), but I've tried it for
calling a web service and ended up with the serviced component solution.

Hope this helps at least point you in the right direction.

Regards,
George Zacharias.

 

[TJO]

Thank you very much for you help here.

Firstly, the web site i am trying to access does not need two-way
certificates from what I can tell. It is simply a web site that has an https
URL. I am not exactly sure about the terminology here but if by "two-way"
you mean that my client browser requires a certificate then what I am trying
to do is not "two-way." I am not using a client certificate nor do I need
one when accessing the site using IE Explorer. I am glad to hear that I can
avoid the issue of attaching a .cer file to my request.

Second, I am writing this code as a windows application and eventually want
to encapsulate my code into its own class that I can instantiate numerous
times.

So it seems like this issues leads me back to my code from my original
posting in this thread without the need for the three lines of code
instantiating a X509Certificate and adding it to my HttpWebRequest.

So given the following code why do I get the error "The underlying
connection was closed: Could not establish secure channel for SSL/TLS" ?

objRequest1 =
(HttpWebRequest)System.Net.HttpWebRequest.Create(cmbo_uri.Text);
objRequest1.Method = "GET";
objRequest1.ContentType = "text/html";
objRequest1.CookieContainer = new CookieContainer();

objResponse1 = (HttpWebResponse)objRequest1.GetResponse(); // ERROR HERE

 

[Joerg Jooss]

"TJO" spoke:

I cannot post login user name and password data to an SSL web form
without the following error.
"The underlying connection was closed: Could not establish secure
channel for SSL/TLS."

I have looked hi and low for the reason why but each time i try
something different i get the same error. It also appears that this
problem has been posted numerous time without a complete answer. MS
PLEASE HELP HERE.

I don't know if this is correct but I have created mycert.cer by
going into the Certification Manager MMC and exporting the cert from
this particular site. (Specific help in creating the cer file would
be greatly appreciated also. )


postData = "uid=myuserid&currpassword=mypassword";

objRequest2 =
(HttpWebRequest)System.Net.HttpWebRequest.Create(cmbo_uri.Text);
objRequest2.Method = "POST";
objRequest2.AllowAutoRedirect = true;
objRequest2.ContentLength = postData.Length;
objRequest2.ContentType = "application/x-www-form-urlencoded";
objRequest2.Timeout = 100000;
objRequest2.CookieContainer = new CookieContainer();
objRequest2.AllowWriteStreamBuffering = true;

ServicePointManager.CertificatePolicy = new
AcceptAllCertificatePolicy();

X509Certificate x509 = X509Certificate.CreateFromCertFile
(@"C:\mycert.cer");

Hmmm... you're assigning the policy after creating the WebRequest. I've
always assumed that this should happen *before* creating the request.
What happens if you try that?

Cheers,

 

[ron phillips]

Make sure you don't need a proxy server. If you are using a proxy server
in your environment you need to specify that in your WebRequest

e.g.

myrequest.Proxy = new WebProxy("http://myproxyserver");

let me know if this helps - I quite nearly went nuts trying to get this
to work until someone reminded me that there was a proxy server in
place.