Two-way authentication using ssl in dotnet

I have a project where I need to send a datafile through a web request. We need to set up two-way authentication, also known as mutual authentication. We are not sure if we need a special cert or not, but we know that it needs to be level 3.

I am having trouble finding sample code for this case. I don't know where to add our cert information. With this code, an "Underlying connection is closed" error is thrown when we try to read the response stream, and ServicePointManager.ServerCertificateValidationCallback is never called. Here is what I have:

    ServicePointManager.ServerCertificateValidationCallback = New Security.RemoteCertificateValidationCallback(AddressOf MyCertValidationCb)
    httpReq = CType(System.Net.HttpWebRequest.Create(url), HttpWebRequest)
    For Each cert As String In certs
        X509cert = X509Certificate2.CreateFromCertFile(cert)
        X509cert2 = New X509Certificate2(X509cert)
        httpReq.ClientCertificates.Add(X509cert2)
    Next
    httpReq.Method = "POST"        ' Post method
    httpReq.ContentType = "text/xml"               ' content type

    ' Wrap the request stream with a text-based writer
    writer = New StreamWriter(httpReq.GetRequestStream())
    ' Write the XML text into the stream
    reader = New StreamReader(filename.Name)
    ret = reader.ReadToEnd()
    reader.Close()
    ' Send the data to the webserver
    writer.WriteLine(ret)
    writer.Close()
    ' Wait for response
    Dim httpRsp As System.Net.HttpWebResponse = CType(httpReq.GetResponse(), HttpWebResponse)
    sr = New StreamReader(httpRsp.GetResponseStream)
    responseText = sr.ReadToEnd

    If httpReq IsNot Nothing Then
        httpReq.GetRequestStream().Close()
    End If
    If httpRsp IsNot Nothing Then
        httpRsp.GetResponseStream().Close()
    End If

Any tips or links to blogs with sample code would be great. Thanks.

Lyra answered 14/12, 2010 at 21:45 Comment(1)
Do you have a particular requirement that prevents using WS-Security on SOAP? Between .NET and IIS, i.e., WCF, this would handle SSL transport and repudiation using a shared cert. Switching up to TLS and/or message encryption is a matter of setting flags. No need for a Class 3 then, just a Class 1 PKCS12, with private key, no need for a trusted chain root, would work. - Seritaserjeant

You don't need a 'special' certificate. Your client needs its own certificate and uses it in the connection to tell the server its identity. That is called a Client Certificate. The server should handle this properly.

The following MSDN article talks about how to set your ClientCertificate: http://msdn.microsoft.com/en-us/library/ms732391.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-2

Adenectomy answered 14/12, 2012 at 12:49 Comment(0)
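
One way to attach a client certificate that can complete mutual authentication, as an added example (not code from the question or from either poster). A certificate read with `CreateFromCertFile` carries only the public part, so this version loads a PKCS#12 file and checks `HasPrivateKey` before sending. It assumes the certificate and key are in a .pfx file; the module and function names and the `CLIENT_PFX_PASSWORD` environment variable are hypothetical.

```vb
Imports System
Imports System.IO
Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography.X509Certificates

Module MutualTlsPost
    ' Assumption: the client certificate and its private key are stored in a PKCS#12 (.pfx) file.
    Function LoadClientCert(pfxPath As String, pfxPassword As String) As X509Certificate2
        Dim cert As New X509Certificate2(pfxPath, pfxPassword)
        ' Without the private key the client cannot prove it owns the certificate.
        If Not cert.HasPrivateKey Then
            Throw New InvalidOperationException("No private key for: " & cert.Subject)
        End If
        Return cert
    End Function

    ' Server side of the two-way check: accept only when chain and name validation passed.
    Function ValidateServerCert(sender As Object, cert As X509Certificate,
                                chain As X509Chain, errors As SslPolicyErrors) As Boolean
        Return errors = SslPolicyErrors.None
    End Function

    ' Posts the XML file and returns the response body; streams are disposed by Using.
    Function PostXml(url As String, xmlPath As String, clientCert As X509Certificate2) As String
        Dim req As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
        req.ClientCertificates.Add(clientCert)
        req.Method = "POST"
        req.ContentType = "text/xml"
        Using writer As New StreamWriter(req.GetRequestStream())
            writer.Write(File.ReadAllText(xmlPath))
        End Using
        Using rsp As HttpWebResponse = CType(req.GetResponse(), HttpWebResponse)
            Using sr As New StreamReader(rsp.GetResponseStream())
                Return sr.ReadToEnd()
            End Using
        End Using
    End Function

    Sub Main(args As String())
        ' Arguments (placeholders): service URL, .pfx path, XML file path.
        ServicePointManager.ServerCertificateValidationCallback = AddressOf ValidateServerCert
        Dim pwd As String = Environment.GetEnvironmentVariable("CLIENT_PFX_PASSWORD")
        Dim cert As X509Certificate2 = LoadClientCert(args(1), pwd)
        Console.WriteLine(PostXml(args(0), args(2), cert))
    End Sub
End Module
```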
