Re: Validating client cert from request

From: Curtis Justus (cjustus-nospam_at_ser.nospam.itis.com)
Date: 06/10/04


Date: Thu, 10 Jun 2004 09:13:53 -0500

Joe,

Thanks for the link. It pointed me where I needed to go.

Take care,
cj

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:%23pKAKRqTEHA.1244@TK2MSFTNGP10.phx.gbl...
> Actually, if they want you to verify their certificate, that would be the
> server certificate, not the client certificate. The client certificate
> would be the cert you provide BEFORE you connect that they would validate on
> their end (if they want that).
>
> Luckily, you may not need to do much to validate the server certificate at
> all as .NET is notoriously picky about SSL server cert problems and will
> generally throw an exception if there is anything wrong with the server cert
> (such as expired, untrusted, invalid, doesn't match host name, etc.).
>
> You can get some more control over this behavior by creating a class that
> implements System.Net.ICertificatePolicy and adding that to the
> ServicePointManager.CertificatePolicy property.
> ICertificatePolicy::CheckValidationResult will give you a copy of the
> certificate, the request and an integer value indicating the cert problem
> that you can inspect. You can return true or false based on those results.
> There is a sample in the SDK docs here:
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?frame=true
>
> Joe K.
>
> "Curtis Justus" <sure@you.wont.spam.me.org> wrote in message
> news:%23DN3pUmTEHA.2544@TK2MSFTNGP10.phx.gbl...
> > Hello,
> >
> > I didn't know where else to post this. If this isn't the right group, could
> > somebody point me in the right direction?
> >
> > We are using the HttpWebRequest object within a winform app to connect to a
> > vendor. This vendor requires us to perform some validation on the client
> > certificate from their server. This is supposed to authenticate that it is
> > coming from the correct server and isn't being spoofed.
> >
> > How can I accomplish this? After making a request to their site
> > (https://...), the .ClientCertificates collection of the HttpWebRequest
> > object does not have anything in the collection?
> >
> > Does anybody have any thoughts?
> >
> > Thanks,
> > cj
> >
> >
>
>
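
The approach described in the quoted reply, as an added example that is not part of the original thread or the SDK sample: an ICertificatePolicy that never overrides a problem .NET has already reported and additionally requires the vendor's server certificate to match a known hash. The class name, the host `vendor.example` and the hash value are placeholders assumed for illustration.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Hypothetical policy class: keeps .NET's own checks and adds a pin on the server cert.
public class PinnedServerCertificatePolicy : ICertificatePolicy
{
    private readonly string expectedHost;
    private readonly string expectedHashHex;

    public PinnedServerCertificatePolicy(string host, string hashHex)
    {
        expectedHost = host;
        // GetCertHashString() returns upper-case hex with no separators.
        expectedHashHex = hashHex.Replace(" ", "").Replace(":", "").ToUpperInvariant();
    }

    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
                                      WebRequest request, int certificateProblem)
    {
        // Non-zero: the platform found a problem (expired, untrusted, name mismatch, ...).
        // Returning true here would switch validation off, so always reject.
        if (certificateProblem != 0 || certificate == null) return false;

        // Other hosts keep the default outcome; only the vendor host is pinned.
        if (!String.Equals(srvPoint.Address.Host, expectedHost, StringComparison.OrdinalIgnoreCase))
            return true;

        return certificate.GetCertHashString() == expectedHashHex;
    }
}

public class Program
{
    public static void Main()
    {
        // Placeholder host and hash: substitute the values agreed with the vendor.
        ServicePointManager.CertificatePolicy =
            new PinnedServerCertificatePolicy("vendor.example", "PLACEHOLDER-CERT-HASH-HEX");

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://vendor.example/");
        try { using (WebResponse resp = req.GetResponse()) Console.WriteLine("server certificate accepted"); }
        catch (WebException ex) { Console.WriteLine("request failed: " + ex.Status); }
    }
}
```

Later .NET Framework versions mark ServicePointManager.CertificatePolicy obsolete in favour of ServicePointManager.ServerCertificateValidationCallback; the same two checks apply there.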


