Solved

How to use .net 1.1 HttpWebRequest class to post the data to a secured server (https)?

Posted on 2008-10-13
3
380 Views
Last Modified: 2013-12-17
Following code I am using to post data to an external server. The url is like "http://www.microsoft.com".
How can I post to a secured server (https) like  "https://www.microsoft.com" and how to test?
       
     public static string sendWebRequest(string URL, string Query)
            {
                  try
                  {
                        HttpWebRequest httpRequest = (HttpWebRequest)WebRequest.Create(URL);
                        httpRequest.Method = "POST";
                        httpRequest.ContentLength = Query.Length;
           
                        System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

                        httpRequest.ContentType = "application/x-www-form-urlencoded";
                 
                        Stream httpRequestStream = httpRequest.GetRequestStream();
                        byte[] b = System.Text.Encoding.ASCII.GetBytes(Query);
                        httpRequestStream.Write(b, 0, b.Length);
                        httpRequestStream.Close();

                        Stream streamResponse = httpRequest.GetResponse().GetResponseStream();
                 
                        StreamReader      streamReader = new StreamReader(streamResponse);
                        string strResponse = streamReader.ReadToEnd();
                        streamReader.Close();
                        return strResponse;
                  }
                  catch (System.Net.WebException e)
                  {
                        throw e;
                  }
            }
0
Comment
Question by:rsrajendran69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Expert Comment

by:novynov
ID: 22707565
I may be misundertanding your question or missing something, but I don't believe there is any difference. You should be able to use HttpWebRequest against an https url with no problems and no additional coding (i.e. no need to mess with certificates, etc. - it just works).

One problem I have seen mention of regarded using HttpWebRequest from within an ASP.NET application. I believe the root of the problem had to do with the account that IIS was running under - and not having access to the key store in order to authenticate the server credentials during the SSL handshake.

Have you tried just using HttpWebRequest as is? Did you run into a problem? If so, what?

I hope this helps.
0
 

Author Comment

by:rsrajendran69
ID: 22708483
Thank you very much for your reply, I did go thru microsoft documentation saying that HttpWebRequest will work on 'https url' without any change. I have not tried yet.

My question was, how to test https URL, just change the url from http-->https and try or is there any certificates needs to be installed on the web server to test 'https' url?. I am not really very sure how the 'https' works. Any URL can be changed to https ?
please clarrify.  Excuse me if asked stupid question.
0
 
LVL 4

Accepted Solution

by:
novynov earned 250 total points
ID: 22710360
OK...now I understand more....and it isn't a stupid question. For you to use SSL on your webserver, yes you need a server certificate installed.

Assuming you are using IIS, this is a matter of generating a certificate request, getting it signed, installing the certificate, and then setting up IIS to use/require SSL in the apps/virtual directories of your choice.

Configuring IIS to do the above is fairly straightforward, though I believe there may be some slight differences in the specfic steps between IIS 6.0 and 7.0. A quick Google will give you some specific walkthroughs.

The biggest rock sometimes can be getting your certificate. A production ready certificate costs money and requires that you know the domain that you are going to be using - certs are issued on a per domain basis.

What many developers do is obtain a "self signed" certificate. There are a number of ways of doing this, including setting up your own certificate authority server, using the SelfSSL tool included in the IIS 6.0 resource kit or using tools like openssl (http://www.openssl.org/related/binaries.html). A Google search of "self signed ssl" should point you at a number of options.

Once you have your test certificate installed, you may also need to install a certificate on the client machine you'll be testing on. This certificate is normally that of the signer of your server certificate (i.e. the Certificate Authority). Doing this instructs your browser to trust all certificates that have been signed by the particular CA. If you don't do this step, many browsers will complain that the server's certificate may not be trustworthy. In many cases, you can still use the website - but you'll just have to deal with the annoying browser complaints.

I hope this helps. Here are some links to some reading that may help you as you ramp up in this area:

How the SSL handshake works: http://support.microsoft.com/kb/257591
How SSL works: https://www.securetrust.com/resources/how-ssl-works
Overview of public/private keys and server certs: http://www.nusphere.com/products/library/ssl.htm
Creating an SSL cert request in IIS 6.0: http://www.ravand.com/ssliis6.cfm
How SSL works from Verisign, a company that sells certs: http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/
IIS 6.0 resource kit tools: http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

Let me know if I can be of more assistance.
0

Featured Post

Ready to get started with anonymous questions?

It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome my friends to the second instalment and follow-up to our Minify and Concatenate Your Scripts and Stylesheets (http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/A_4334-Minify-and-Concatenate-Your-Scripts-and-Stylesheets.html)…
In my previous two articles we discussed Binary Serialization (http://www.experts-exchange.com/A_4362.html) and XML Serialization (http://www.experts-exchange.com/A_4425.html). In this article we will try to know more about SOAP (Simple Object Acces…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question