-----------------------------------------------------------
New Message on BDOTNET
-----------------------------------------------------------
From: s_hashim
Message 2 in Discussion
Consuming Webservices over HTTPS
(SSL)
When Webservices are used, a common
concern is security: SOAP messages are transferred in plain text over the
network, so
anyone with a sniffer could
intercept the SOAP message and read it. In my opinion this could happen also to
binary data, but
probably it requires a little bit
more hacker skills. So a solution is to use HTTPS (SSL) instead of HTTP, so the
communication is encrypted. To
accomplish this, you need to get and install a certificate (issued by a
Certificate Authority)
on your webserver. In a production
environment you would buy a certificate from Verisign or another well known CA,
or you
would install your own CA, which is
a component of Windows Server. If you only want to play with HTTPS, SSL and
certificates
or your project is in the
development phase, you can also generate a test certificate using the
MakeCert.exe tool (included
in the .NET Framework SDK). After
that you have to add this certificate to a website in IIS, and set a port which
HTTPS
should use.
When you browse to a HTTPS site, you
probably get a dialog window asking you if you want to trust the certificate
provided by
the webserver. So the responsibility
of accepting the certificate is handled by the user. Let's get back to the
webservice
scenario, if you want to invoke a
webservice located on a webserver which uses SSL and HTTPS there is a problem.
When you
make the call from code, there is no
dialog window popping up, and asking if you trust the certificate (luckily
because this
would be pretty ugly in server-side
scenarios); probably you'll get following exception:
An unhandled exception
of type 'System.Net.WebException' occurred in system.dll
Additional information: The
underlying connection was closed: Could not establish trust relationship with
remote server.
But there is a solution for this
problem, you can solve this in your code by creating your own CertificatePolicy
class (which
implements the ICertificatePolicy
interface). In this class you will have to write your own CheckValidationResult
function
that has to return true or false,
like you would press yes or no in the dialog window. For development purposes
I've created
the following class which accepts
all certificates, so you won't get the nasty WebException anymore:
public class
TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
public
TrustAllCertificatePolicy()
{}
public bool
CheckValidationResult(ServicePoint sp,
X509Certificate
cert,WebRequest req, int problem)
{
return
true;
}
}
As you can see the
CheckValidationResult function always returns true, so all certificates will be
trusted. If you want to
make this class a little bit more
secure, you can add additional checks using the X509Certificate parameter for
example. To
use this CertificatePolicy, you'll
have to tell the ServicePointManager to use
it:
System.Net.ServicePointManager.CertificatePolicy = new
TrustAllCertificatePolicy();
This must be done (one time during the
application life cycle) before making the call to your webservice.
**********
Keep Smiling,
Regards.
Sayad Hashim Ali Kazi
Microsoft India
Community Star.
***********************
SQL Star International Ltd.
SQL House, #13,Infocity,Madhapur,
Hyderabad 500 081.
Tel: +91-40-2310 1650(Off) +91-40-55683272(Resi)
http://www.mugh.net
http://SayadHashim.blogspot.com
http://dotnetjunkies.com/WebLog/SayadHashim/
***********************************
-----Original Message-----
From: SivaDotNet
[mailto:[EMAIL PROTECTED]
Sent: Thursday, July 29, 2004 9:05
AM
To: BDOTNET
Subject: Web Service
problem
New Message on BDOTNET
Web
Service problem
Reply
Reply to Sender Recommend
Message 1 in
Discussion
From: SivaDotNet
Hi All,
I am using web service in one of my application. The
Application is working fine when being used
with http but not working with https. Do i need to
explicitly handle any cases in order make application which
uses web services to work in https also.
Kindly advice,
Cheers!!
Siva Kumar
View other groups in this
category.
-----------------------------------------------------------
To stop getting this e-mail, or change how often it arrives, go to your E-mail
Settings.
http://groups.msn.com/bdotnet/_emailsettings.msnw
Need help? If you've forgotten your password, please go to Passport Member Services.
http://groups.msn.com/_passportredir.msnw?ppmprop=help
For other questions or feedback, go to our Contact Us page.
http://groups.msn.com/contact
If you do not want to receive future e-mail from this MSN group, or if you received
this message by mistake, please click the "Remove" link below. On the pre-addressed
e-mail message that opens, simply click "Send". Your e-mail address will be deleted
from this group's mailing list.
mailto:[EMAIL PROTECTED]
