I've used HttpWebRequests to post data to HTTPS websites before, and I've never had todo anything different than a regular HTTP Post.
Does anyone know if there are any tricks involved that I missed to ensure that this is done properly?
A:
HTTPS requests are the same as HTTP (only using SSL certificates).
However you should manually ensure that the certificates do not have errors (even warnings), or the request will probably fail.
Ady
2008-10-28 17:00:56
And how would we go about verifying a certificate if it's an ssl request?
Joel Coehoorn
2008-10-28 17:03:28
The .NET framework (or the HTTP sub layer) will handle the SSL certificates for you, however if you manually need verify the certificate yourself you can just load the request in you browser and look at the certificate.
Ady
2008-10-28 17:06:49
+1
A:
Check for certification errors, this i a common issue http://www.west-wind.com/weblog/posts/48909.aspx
Oscar Cabrero
2008-10-28 17:08:26
+3
A:
After a little searching, it looks like you don't have to do anything if the certificate is valid.
If you want to examine the certificate yourself, you can do this:
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true; // **** Always accept
};
The above code came from a comment on Rick Stralhs blog, and will force always accepting the client cert.
You can also validate the cert there in that delegate.
Cool stuff!
FlySwat
2008-10-28 17:09:00
+1
A:
I think https is a hosting issue, you have to configure the keystore with your certificates (or certificate chains), setup your ssl/tls, map your dns settings (also done for http) and go ahead. I don't see any reason why a session/transport layer issue should affect the application.
How ever, I there was one instance where we had to detect a smart card removal and close the session. To do this, we had to inspect SSO token for every request and check the validity. This is more to do with Smart card aspect of the architecture and not https though.
questzen
2008-10-28 17:12:31