Remoting through Authenticating Proxy using SSL
- From: Roberto <Roberto@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 21 Feb 2008 09:51:01 -0800
I have a .NET 2.0 client application that accesses a remoting endpoint hosted
in IIS. The client is located on a network that has an authenticating proxy
server. The client has the following code which it calls once when the app
is started
WebRequest.DefaultWebProxy.Credentials = new NetworkCredential(userName,
password);
The userName and password variables are initialized to the appropriate
values before this call is made.
The error I get is:
System.Net.WebException: The underlying connection was closed: Could not
establish trust relationship for the SSL/TLS secure channel. --->
System.Security.Authentication.AuthenticationException: The remote
certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken
message, AsyncProtocolRequest asyncRequest, Exception exception)
Based on the network trace file the root cause is:
System.Net Information: 0 : [1652] SecureChannel#33145663 - Remote
certificate has errors:
System.Net Information: 0 : [1652] SecureChannel#33145663 - The revocation
function was unable to check revocation for the certificate.
System.Net Information: 0 : [1652] SecureChannel#33145663 - The revocation
function was unable to check revocation because the revocation server was
offline.
The server certificate is issued by Entrust and is valid. The revocation
server also appears to be online because calling the website through IE opens
without any issue or warning.
The network trace also shows that the proxy authentication negotiation is
successful so the credentials are being sent and accepted by the proxy.
System.Net Information: 0 : [1652] Connection#9040679 - Received status
line: Version=1.1, StatusCode=407, StatusDescription=Proxy Authentication
Required.
....
System.Net Warning: 0 : [1652] HttpWebRequest#41364769::() - Resubmitting
request.
....
System.Net Information: 0 : [1652] ConnectStream#40550573 - Sending headers
{
Proxy-Authorization: Basic d2ViY29kaW5nOmFjY29yZGlz
Host: mcx.precyse.net:443
}.
System.Net.Sockets Verbose: 0 : [1652] Socket#53703870::Receive()
System.Net.Sockets Verbose: 0 : [1652] Data from Socket#53703870::Receive
System.Net.Sockets Verbose: 0 : [1652] 00000000 : 48 54 54 50 2F 31 2E 31-20
32 30 30 20 43 6F 6E : HTTP/1.1 200 Con
System.Net.Sockets Verbose: 0 : [1652] 00000010 : 6E 65 63 74 69 6F 6E 20-65
73 74 61 62 6C 69 73 : nection establis
System.Net.Sockets Verbose: 0 : [1652] 00000020 : 68 65 64 0D 0A 0D 0A
: hed....
System.Net.Sockets Verbose: 0 : [1652] Exiting Socket#53703870::Receive()
-> 39#39
System.Net Information: 0 : [1652] Connection#22896952 - Received status
line: Version=1.1, StatusCode=200, StatusDescription=Connection established.
But then once the actual POST is attempted the certificate revocation check
fails. My guess is that the proxy credentials aren't being sent when the
call to the revocation server is made internally by the framework.
Any ideas?
.
- Prev by Date: RE: System.Delegate.Remove fialed on remote delegates
- Next by Date: programmatically configure enterprise library appication logging
- Previous by thread: 400 Bad Request problem (repost from microsoft.public.inetserver.iis)
- Next by thread: programmatically configure enterprise library appication logging
- Index(es):
Relevant Pages
|
