views:

928

answers:

5

I've used HttpWebRequests to post data to HTTPS websites before, and I've never had todo anything different than a regular HTTP Post.

Does anyone know if there are any tricks involved that I missed to ensure that this is done properly?

A: 

HTTPS requests are the same as HTTP (only using SSL certificates).

However you should manually ensure that the certificates do not have errors (even warnings), or the request will probably fail.

Ady
And how would we go about verifying a certificate if it's an ssl request?
Joel Coehoorn
The .NET framework (or the HTTP sub layer) will handle the SSL certificates for you, however if you manually need verify the certificate yourself you can just load the request in you browser and look at the certificate.
Ady
+1  A: 

Check for certification errors, this i a common issue http://www.west-wind.com/weblog/posts/48909.aspx

Oscar Cabrero
+3  A: 

After a little searching, it looks like you don't have to do anything if the certificate is valid.

If you want to examine the certificate yourself, you can do this:

System.Net.ServicePointManager.ServerCertificateValidationCallback +=
    delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
                            System.Security.Cryptography.X509Certificates.X509Chain chain,
                            System.Net.Security.SslPolicyErrors sslPolicyErrors)
        {
            return true; // **** Always accept
        };

The above code came from a comment on Rick Stralhs blog, and will force always accepting the client cert.

You can also validate the cert there in that delegate.

Cool stuff!

FlySwat
+1  A: 

I think https is a hosting issue, you have to configure the keystore with your certificates (or certificate chains), setup your ssl/tls, map your dns settings (also done for http) and go ahead. I don't see any reason why a session/transport layer issue should affect the application.

How ever, I there was one instance where we had to detect a smart card removal and close the session. To do this, we had to inspect SSO token for every request and check the validity. This is more to do with Smart card aspect of the architecture and not https though.

questzen
A: 

I'm trying to use HttpWebRequest with SSL also... I can succeed using the IE Browser (POST), but get Protocol error 500 when I use HttpWebRequest POST. It works using HttpWebRequest GET... Any ideas?