Re: Getting 403 Forbidden error. Client Cert didn't sent



Hello Abel,

maybe this helps:
http://www.leastprivilege.com/IIS6AndClientCertificates.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi there,

I am getting the 403 Forbidden error when I run the following code,
which is a very simple Windows application.  BTW, I found a couple of
similar problems posted under dotnet.framework.asp.net.security, so I
am posting this question here.

What I tried to do is to attach a client certificate and post an XML
document to a remote web site which enforces SSL and requires a client
certificate.

The client machine has a certificate installed under Certificates
(Local Computer) | Personal | Certificates.  I have installed a valid
Thawte certificate and I also generated one using SelfSSL.  They both
give me the same error message.

I also tried hitting the remote web site directly from IE.  I got a
pop-up window with the title "Choose a digital certificate".  However, I
don't see any certificate in the list.  Why?  I can see both the
SelfSSL-generated and the official Thawte certificate.  I got a little
bit confused.  Is my problem related to my code or is it a certificate
security/setup issue?  Could you please help?

Thanks.

Abel Chan

-----------------------
Code extracted
------------------------
Imports System.Xml
Imports System.IO
Imports Microsoft.VisualBasic
Imports System.Diagnostics
Imports System.Net
Imports System.Security.Cryptography.X509Certificates

Public Class Form1
    Inherits System.Windows.Forms.Form

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim oWebRequest As Net.HttpWebRequest
        Dim oIOStream As System.IO.Stream = Nothing
        Dim oWebResponse As Net.HttpWebResponse = Nothing
        Dim oReader As System.IO.StreamReader
        Dim oResponseStream As System.IO.Stream
        Dim strData As String
        Dim docXMLDoc As New XmlDocument
        Dim txtResponse As String
        Dim strException As String = ""
        Dim myURL As String = "https://[mywebsite]/[mydir]/[myurl.asp]"

        Dim ServerTimeOut As Integer = 60000

        Try
            'Load the client certificate from a .cer file
            Dim Cert As X509Certificate = X509Certificate.CreateFromCertFile("c:\[Path containing my cer]\mycer.cer")
            'Create TrustAllCertificatePolicy class which will return TRUE on all SSL web request.
            System.Net.ServicePointManager.CertificatePolicy = New TrustAllCertificatePolicy
            'Load soap envelope
            strData = "<MyTestXML>Hi</MyTestXML>"
            Dim arrData As Byte() = System.Text.Encoding.ASCII.GetBytes(strData)
            'Setup request URL
            oWebRequest = CType(Net.WebRequest.Create(myURL), Net.HttpWebRequest)
            oWebRequest.ClientCertificates.Add(Cert)

            'Setup request parameter
            oWebRequest.ContentType = "text/xml"
            oWebRequest.Method = "POST"
            oWebRequest.ContentLength = arrData.Length
            oWebRequest.KeepAlive = True
            oWebRequest.Timeout = ServerTimeOut
            'Write to stream
            oIOStream = oWebRequest.GetRequestStream()
            oIOStream.Write(arrData, 0, arrData.Length)
            oIOStream.Flush()
            'Get the response from web address
            oWebResponse = CType(oWebRequest.GetResponse(), Net.HttpWebResponse)
            If (oWebResponse.StatusCode() <> Net.HttpStatusCode.OK) Then
                txtResponse = ""
                strException = oWebResponse.StatusDescription()
                GoTo exitfcuntion
            End If
            'Get response stream
            oResponseStream = oWebResponse.GetResponseStream()
        Catch ex As WebException 'Exception
            strException = "Message: " + ex.Message() + "  Source: " + ex.Source()
            MsgBox(strException)

        Finally
            'Close resource
            If (False = (oIOStream Is Nothing)) Then oIOStream.Close()
            If (False = (oWebResponse Is Nothing)) Then oWebResponse.Close()
        End Try
exitfcuntion:

    End Sub
End Class

'Accepts every server certificate, so server certificate validation is disabled.
Public Class TrustAllCertificatePolicy
    Implements System.Net.ICertificatePolicy

    Public Function CheckValidationResult(ByVal srvPoint As System.Net.ServicePoint, _
            ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, _
            ByVal request As System.Net.WebRequest, _
            ByVal certificateProblem As Integer) As Boolean _
            Implements System.Net.ICertificatePolicy.CheckValidationResult
        Dim myname As String = certificate.GetName
        Return True
    End Function
End Class
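
A diagnostic for the setup described in the post, added here as an example (it is not code from the thread): it lists matching certificates in the CurrentUser and LocalMachine Personal stores and reports whether each has a private key, has expired, and permits client authentication. A .cer file holds only the public certificate, so the private key used in the TLS handshake has to come from a store the calling account can read. The function name and the -SubjectMatch parameter are hypothetical.

```powershell
# Added example: report which Personal stores hold a certificate and whether
# it is usable for TLS client authentication. Read-only; changes nothing.
function Test-ClientCertReadiness {
    param(
        # Substring of the certificate subject (placeholder supplied by the caller)
        [Parameter(Mandatory)] [string] $SubjectMatch
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
    foreach ($location in 'CurrentUser', 'LocalMachine') {
        $loc   = [System.Security.Cryptography.X509Certificates.StoreLocation] $location
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', $loc)
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        try {
            foreach ($cert in $store.Certificates) {
                if ($cert.Subject -notlike "*$SubjectMatch*") { continue }
                $eku = $cert.Extensions | Where-Object {
                    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
                }
                # A certificate without an EKU extension is not restricted to any purpose.
                $oids = @($eku | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
                [pscustomobject]@{
                    Store         = "$location\My"
                    Subject       = $cert.Subject
                    Issuer        = $cert.Issuer
                    Expired       = $cert.NotAfter -lt (Get-Date)
                    HasPrivateKey = $cert.HasPrivateKey
                    ClientAuthEku = (-not $eku) -or ($oids -contains $clientAuthOid)
                }
            }
        }
        finally { $store.Close() }
    }
}

# Usage (run as the same account that runs the client application):
#   Test-ClientCertReadiness -SubjectMatch 'CN=<your subject>' | Format-Table -AutoSize
```

HasPrivateKey only says that a key is associated with the store entry; for a LocalMachine entry the calling account also needs read permission on that key. The Issuer column is worth comparing with the CAs the server is configured to trust for client certificates.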

