Solved

How to use .net 1.1 HttpWebRequest class to post the data to a secured server (https)?

Posted on 2008-10-13
3
369 Views
Last Modified: 2013-12-17
Following code I am using to post data to an external server. The url is like "http://www.microsoft.com".
How can I post to a secured server (https) like  "https://www.microsoft.com" and how to test?
       
     public static string sendWebRequest(string URL, string Query)
            {
                  try
                  {
                        HttpWebRequest httpRequest = (HttpWebRequest)WebRequest.Create(URL);
                        httpRequest.Method = "POST";
                        httpRequest.ContentLength = Query.Length;
           
                        System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

                        httpRequest.ContentType = "application/x-www-form-urlencoded";
                 
                        Stream httpRequestStream = httpRequest.GetRequestStream();
                        byte[] b = System.Text.Encoding.ASCII.GetBytes(Query);
                        httpRequestStream.Write(b, 0, b.Length);
                        httpRequestStream.Close();

                        Stream streamResponse = httpRequest.GetResponse().GetResponseStream();
                 
                        StreamReader      streamReader = new StreamReader(streamResponse);
                        string strResponse = streamReader.ReadToEnd();
                        streamReader.Close();
                        return strResponse;
                  }
                  catch (System.Net.WebException e)
                  {
                        throw e;
                  }
            }
0
Comment
Question by:rsrajendran69
  • 2
3 Comments
 
LVL 4

Expert Comment

by:novynov
Comment Utility
I may be misundertanding your question or missing something, but I don't believe there is any difference. You should be able to use HttpWebRequest against an https url with no problems and no additional coding (i.e. no need to mess with certificates, etc. - it just works).

One problem I have seen mention of regarded using HttpWebRequest from within an ASP.NET application. I believe the root of the problem had to do with the account that IIS was running under - and not having access to the key store in order to authenticate the server credentials during the SSL handshake.

Have you tried just using HttpWebRequest as is? Did you run into a problem? If so, what?

I hope this helps.
0
 

Author Comment

by:rsrajendran69
Comment Utility
Thank you very much for your reply, I did go thru microsoft documentation saying that HttpWebRequest will work on 'https url' without any change. I have not tried yet.

My question was, how to test https URL, just change the url from http-->https and try or is there any certificates needs to be installed on the web server to test 'https' url?. I am not really very sure how the 'https' works. Any URL can be changed to https ?
please clarrify.  Excuse me if asked stupid question.
0
 
LVL 4

Accepted Solution

by:
novynov earned 250 total points
Comment Utility
OK...now I understand more....and it isn't a stupid question. For you to use SSL on your webserver, yes you need a server certificate installed.

Assuming you are using IIS, this is a matter of generating a certificate request, getting it signed, installing the certificate, and then setting up IIS to use/require SSL in the apps/virtual directories of your choice.

Configuring IIS to do the above is fairly straightforward, though I believe there may be some slight differences in the specfic steps between IIS 6.0 and 7.0. A quick Google will give you some specific walkthroughs.

The biggest rock sometimes can be getting your certificate. A production ready certificate costs money and requires that you know the domain that you are going to be using - certs are issued on a per domain basis.

What many developers do is obtain a "self signed" certificate. There are a number of ways of doing this, including setting up your own certificate authority server, using the SelfSSL tool included in the IIS 6.0 resource kit or using tools like openssl (http://www.openssl.org/related/binaries.html). A Google search of "self signed ssl" should point you at a number of options.

Once you have your test certificate installed, you may also need to install a certificate on the client machine you'll be testing on. This certificate is normally that of the signer of your server certificate (i.e. the Certificate Authority). Doing this instructs your browser to trust all certificates that have been signed by the particular CA. If you don't do this step, many browsers will complain that the server's certificate may not be trustworthy. In many cases, you can still use the website - but you'll just have to deal with the annoying browser complaints.

I hope this helps. Here are some links to some reading that may help you as you ramp up in this area:

How the SSL handshake works: http://support.microsoft.com/kb/257591
How SSL works: https://www.securetrust.com/resources/how-ssl-works
Overview of public/private keys and server certs: http://www.nusphere.com/products/library/ssl.htm
Creating an SSL cert request in IIS 6.0: http://www.ravand.com/ssliis6.cfm
How SSL works from Verisign, a company that sells certs: http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/
IIS 6.0 resource kit tools: http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

Let me know if I can be of more assistance.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Flash (http://en.wikipedia.org/wiki/Adobe_Flash) has evolved over the years to where it has become a masterful tool for displaying content screen.  It has excellent layout placement, UI precision as well as rendering capabilities. This, along with t…
Welcome my friends to the second instalment and follow-up to our Minify and Concatenate Your Scripts and Stylesheets (http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/A_4334-Minify-and-Concatenate-Your-Scripts-and-Stylesheets.html)…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now