RE: SSL Certificate Check



Hi Jmh,

Welcome to ASPNET newsgroup.
From your description, you are using the WebClient class to access a certain
ASP.NET web application which is protected by SSL in IIS. And at the client
application, you'd like to intercept the validation processing for the
Server Certificate, yes?

As for this question, based on my research, when using WebClient (or
HttpWebRequest) .NET components to access an SSL protected resource, the
validation process for the Server Certificate is automatically done by the
default CertificatePolicy (System.Net.DefaultCertificatePolicy). The
DefaultCertificatePolicy class will always make the connection fail if any
problems or errors occur. Then, if we need to manually intercept the
validation process, we can create a custom CertificatePolicy class which
should implement the ICertificatePolicy interface,

#ICertificatePolicy Interface
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemneticertificatepolicyclasstopic.asp?frame=true

this interface contains the "CheckValidationResult" method which returns a
boolean value to indicate whether the Server Certificate is valid. We can
add our own validation logic in it. The following custom CertificatePolicy
always returns true to let the server certificate pass the validation (no
error will occur):

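using System.Net;
using System.Security.Cryptography.X509Certificates;

public class MyCertPolicy : System.Net.ICertificatePolicy
{
    public MyCertPolicy()
    {}

    // "problem" carries the validation error code found for the certificate.
    public bool CheckValidationResult(ServicePoint sp,
        X509Certificate cert, WebRequest req, int problem)
    {
        // Always accepts the server certificate, whatever "problem" reports.
        return true;
    }
}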

And before we use our WebClient instance to access the remote SSL protected
app, we need to attach our custom CertificatePolicy instance through the
System.Net.ServicePointManager.CertificatePolicy property, like:

=======================
// Install the custom policy before any request is created.
ServicePointManager.CertificatePolicy = new MyCertPolicy();

try
{
    WebRequest myRequest = WebRequest.Create(myUri);
    WebResponse myResponse = myRequest.GetResponse();
    ProcessResponse(myResponse);
    myResponse.Close();
}
catch(WebException e)
{
    // Connection or certificate failures surface here.
}
=================


Hope this helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
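
An added example, not part of the original post: an ICertificatePolicy that puts real validation logic in CheckValidationResult instead of returning true, accepting a certificate only when the default validation reported no problem or when it is one pinned certificate for one named host. The class name PinnedCertPolicy, the host name and the all-zero SHA-1 value are constructed placeholders.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public class PinnedCertPolicy : ICertificatePolicy
{
    // Assumptions (constructed placeholders): replace with your own server's values.
    private const string PinnedHost = "test.example.internal";
    private const string PinnedSha1 = "0000000000000000000000000000000000000000";

    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
                                      WebRequest req, int problem)
    {
        // 0 means the platform's own chain and name checks found no problem.
        if (problem == 0)
            return true;

        // Nothing to compare against: fail closed.
        if (sp == null || cert == null)
            return false;

        // Tolerate a validation problem only for the exact certificate we
        // expect (for example a self-signed test server), and only on its host.
        bool hostMatches = string.Compare(sp.Address.Host, PinnedHost, true) == 0;
        bool hashMatches = string.Compare(cert.GetCertHashString(), PinnedSha1, true) == 0;
        if (hostMatches && hashMatches)
            return true;

        // Record what was rejected so the failure can be investigated.
        Console.Error.WriteLine("Rejected certificate for {0}: problem 0x{1}, hash {2}",
            sp.Address.Host, problem.ToString("X8"), cert.GetCertHashString());
        return false;
    }
}

public class PinnedCertDemo
{
    public static void Main()
    {
        // The policy is process-wide, so install it once before any request.
        ServicePointManager.CertificatePolicy = new PinnedCertPolicy();
        try
        {
            WebResponse resp = WebRequest.Create("https://" + "test.example.internal/").GetResponse();
            resp.Close();
        }
        catch (WebException e) { Console.Error.WriteLine("Request failed: " + e.Status); }
    }
}
```

A rejected certificate makes GetResponse throw a WebException, so the caller sees the failure rather than silently talking to an unverified server.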



