I've used HttpWebRequests to post data to HTTPS websites before, and I've never had todo anything different than a regular HTTP Post.
Does anyone know if there are any tricks involved that I missed to ensure that this is done properly?
I've used HttpWebRequests to post data to HTTPS websites before, and I've never had todo anything different than a regular HTTP Post.
Does anyone know if there are any tricks involved that I missed to ensure that this is done properly?
HTTPS requests are the same as HTTP (only using SSL certificates).
However you should manually ensure that the certificates do not have errors (even warnings), or the request will probably fail.
Check for certification errors, this i a common issue http://www.west-wind.com/weblog/posts/48909.aspx
After a little searching, it looks like you don't have to do anything if the certificate is valid.
If you want to examine the certificate yourself, you can do this:
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true; // **** Always accept
};
The above code came from a comment on Rick Stralhs blog, and will force always accepting the client cert.
You can also validate the cert there in that delegate.
Cool stuff!
I think https is a hosting issue, you have to configure the keystore with your certificates (or certificate chains), setup your ssl/tls, map your dns settings (also done for http) and go ahead. I don't see any reason why a session/transport layer issue should affect the application.
How ever, I there was one instance where we had to detect a smart card removal and close the session. To do this, we had to inspect SSO token for every request and check the validity. This is more to do with Smart card aspect of the architecture and not https though.