Solved

How to use .net 1.1 HttpWebRequest class to post the data to a secured server (https)?

Posted on 2008-10-13
3
373 Views
Last Modified: 2013-12-17
Following code I am using to post data to an external server. The url is like "http://www.microsoft.com".
How can I post to a secured server (https) like  "https://www.microsoft.com" and how to test?
       
     public static string sendWebRequest(string URL, string Query)
            {
                  try
                  {
                        HttpWebRequest httpRequest = (HttpWebRequest)WebRequest.Create(URL);
                        httpRequest.Method = "POST";
                        httpRequest.ContentLength = Query.Length;
           
                        System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

                        httpRequest.ContentType = "application/x-www-form-urlencoded";
                 
                        Stream httpRequestStream = httpRequest.GetRequestStream();
                        byte[] b = System.Text.Encoding.ASCII.GetBytes(Query);
                        httpRequestStream.Write(b, 0, b.Length);
                        httpRequestStream.Close();

                        Stream streamResponse = httpRequest.GetResponse().GetResponseStream();
                 
                        StreamReader      streamReader = new StreamReader(streamResponse);
                        string strResponse = streamReader.ReadToEnd();
                        streamReader.Close();
                        return strResponse;
                  }
                  catch (System.Net.WebException e)
                  {
                        throw e;
                  }
            }
0
Comment
Question by:rsrajendran69
  • 2
3 Comments
 
LVL 4

Expert Comment

by:novynov
ID: 22707565
I may be misundertanding your question or missing something, but I don't believe there is any difference. You should be able to use HttpWebRequest against an https url with no problems and no additional coding (i.e. no need to mess with certificates, etc. - it just works).

One problem I have seen mention of regarded using HttpWebRequest from within an ASP.NET application. I believe the root of the problem had to do with the account that IIS was running under - and not having access to the key store in order to authenticate the server credentials during the SSL handshake.

Have you tried just using HttpWebRequest as is? Did you run into a problem? If so, what?

I hope this helps.
0
 

Author Comment

by:rsrajendran69
ID: 22708483
Thank you very much for your reply, I did go thru microsoft documentation saying that HttpWebRequest will work on 'https url' without any change. I have not tried yet.

My question was, how to test https URL, just change the url from http-->https and try or is there any certificates needs to be installed on the web server to test 'https' url?. I am not really very sure how the 'https' works. Any URL can be changed to https ?
please clarrify.  Excuse me if asked stupid question.
0
 
LVL 4

Accepted Solution

by:
novynov earned 250 total points
ID: 22710360
OK...now I understand more....and it isn't a stupid question. For you to use SSL on your webserver, yes you need a server certificate installed.

Assuming you are using IIS, this is a matter of generating a certificate request, getting it signed, installing the certificate, and then setting up IIS to use/require SSL in the apps/virtual directories of your choice.

Configuring IIS to do the above is fairly straightforward, though I believe there may be some slight differences in the specfic steps between IIS 6.0 and 7.0. A quick Google will give you some specific walkthroughs.

The biggest rock sometimes can be getting your certificate. A production ready certificate costs money and requires that you know the domain that you are going to be using - certs are issued on a per domain basis.

What many developers do is obtain a "self signed" certificate. There are a number of ways of doing this, including setting up your own certificate authority server, using the SelfSSL tool included in the IIS 6.0 resource kit or using tools like openssl (http://www.openssl.org/related/binaries.html). A Google search of "self signed ssl" should point you at a number of options.

Once you have your test certificate installed, you may also need to install a certificate on the client machine you'll be testing on. This certificate is normally that of the signer of your server certificate (i.e. the Certificate Authority). Doing this instructs your browser to trust all certificates that have been signed by the particular CA. If you don't do this step, many browsers will complain that the server's certificate may not be trustworthy. In many cases, you can still use the website - but you'll just have to deal with the annoying browser complaints.

I hope this helps. Here are some links to some reading that may help you as you ramp up in this area:

How the SSL handshake works: http://support.microsoft.com/kb/257591
How SSL works: https://www.securetrust.com/resources/how-ssl-works
Overview of public/private keys and server certs: http://www.nusphere.com/products/library/ssl.htm
Creating an SSL cert request in IIS 6.0: http://www.ravand.com/ssliis6.cfm
How SSL works from Verisign, a company that sells certs: http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/
IIS 6.0 resource kit tools: http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

Let me know if I can be of more assistance.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes relatively difficult and non-obvious issues that are likely to arise when creating COM class in Visual Studio and deploying it by professional MSI-authoring tools. It is assumed that the reader is already familiar with the cla…
More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question