HTTPS using VB.NET application

Re: HTTPS using VB.NET application

Your lucky, I just blogged about this topic! See


When Webservices are used, a common concern is security: SOAP messages are
transferred in plain text over the network, so anyone with a sniffer could
intercept the SOAP message and read it. In my opinion this could happen also
to binary data, but probably it requires a little bit more hacker skills. So
a solution is to use HTTPS (SSL) instead of HTTP, so the communication is
encrypted. To accomplish this, you need to get and install a certificate
(issued by a Certificate Authority) on your webserver. In a production
environment you would buy a certificate from Verisign or another well known
CA, or you would install your own CA, which is a component of Windows
Server. If you only want to play with HTTPS, SSL and certificates or your
project is in the development phase, you can also generate a test
certificate using the MakeCert.exe tool (included in the .NET Framework
SDK). After that you have to add this certificate to a website in IIS, and
set a port which HTTPS should use.

When you browse to a HTTPS site, you probably get a dialog window asking you
if you want to trust the certificate provided by the webserver. So the
responsibility of accepting the certificate is handled by the user. Let's
get back to the webservice scenario, if you want to invoke a webservice
located on a webserver which uses SSL and HTTPS there is a problem. When you
make the call from code, there is no dialog window popping up, and asking if
you trust the certificate (luckily because this would be pretty ugly in
server-side scenarios); probably you'll get following exception:
An unhandled exception of type 'System.Net.Web Exception' occurred in
system.dll

Additional information: The underlying connection was closed: Could not
establish trust relationship with remote server.

But there is a solution for this problem, you can solve this in your code by
creating your own CertificatePoli cy class (which implements the
ICertificatePol icy interface). In this class you will have to write your own
CheckValidation Result function that has to return true or false, like you
would press yes or no in the dialog window. For development purposes I've
created the following class which accepts all certificates, so you won't get
the nasty WebException anymore:
public class TrustAllCertifi catePolicy : System.Net.ICer tificatePolicy
{
public TrustAllCertifi catePolicy()
{}

public bool CheckValidation Result(ServiceP oint sp,
X509Certificate cert,WebRequest req, int problem)
{
return true;
}
}

As you can see the CheckValidation Result function always returns true, so
all certificates will be trusted. If you want to make this class a little
bit more secure, you can add additional checks using the X509Certificate
parameter for example. To use this CertificatePoli cy, you'll have to tell
the ServicePointMan ager to use it:
System.Net.Serv icePointManager .CertificatePol icy = new
TrustAllCertifi catePolicy();
This must be done (one time during the application life cycle) before making
the call to your webservice.


--
Greetz,
Jan
_______________ _______________ ____
Read my weblog: http://weblogs.asp.net/jan

"Ashutosh Bhalerao" <ashubhalerao@y ahoo.com> schreef in bericht
news:b02e5e9e.0 312050753.5eceb 3c9@posting.goo gle.com...[color=blue]
> Hi all,
>
> I am trying to write a VB.Net application which communicates over SSL
> with an IIS server. I have got a temporary certificate from Verisign
> and installed it on IIS.
>
> I am using HttpWebRequest to send the request across. I get an
> exception "Could not establish trust relationship with remote server."
> Can anyone guide me as how I can complete this request and get a
> response? Do I need to do something to accept all certificates which
> come from this server and get on with the application? How do I
> accept a certificate that comes to a plain VB.Net application like one
> normally does in IE ?
>
> Any help will be greatly appreciated.
>
> Thanks and Regards
> Ashu[/color]