Anatoly Lubarsky Logo
programming, design, integration, games, music

Webservice(s) via HTTPS - Trust Relationship Using ICertificatePolicy

If you ever tried to consume a web resource progrmmatically via SSL/HTTPS it is possible that you would get the following error:


"The underlying connection was closed: Could not establish trust relationship with remote server."


The problem is that your application does not accept certificates that the remote service sends in order to establish connection. If you browse the web via HTTPS (SSL), sometimes you could see that annoying HTTPS confirmation dialog. When you don't browse it manually but try to establish the connection programmatically - you just have to simulate that dialog.


All credit for the solution goes to Jan Tielens. System.Net namespace in .NET Framework provides ICertificatePolicy interface with a single method called CheckValidationResult, so we can decide whether we trust the certificate or not by overloading this method. The most simple implementation would be the following "acceptall" class:


public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
    public TrustAllCertificatePolicy() {}
    public bool CheckValidationResult(ServicePoint sp, 
        X509Certificate cert,
        WebRequest req, 
        int problem)
    {
        return true;
    }
}

So before establishing HTTPS connection (either via WebRequest, WebServices or other) to remote server just call:


System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

Enjoy


Related Posts:

Saturday, May 01, 2004 2:49 AM

Comments

# re: HowTo: WebServices via HTTPS
so we can decide whether we trust the certificate or not. what should i do to trust only the specified client.

can u mail me at niki_kadu@yahoo.co.in

8/17/2004 5:24 PM by Nikhil Kadu

# re: HowTo: WebServices via HTTPS
Hi,

I got lots of mails asking me about "WebServices via HTTPS". So here is my approach in brief.

1.Create a class inherited from ICertificatePolicy class.
2.Implement the function 'CheckValidationResult'
3.Check if 'certificate.GetIssuerName()' is the one u want to trust
Have a look at the code below:-

public class myclass : ICertificatePolicy
{
public myclass () {}

// Default value for certificate validation.
public static bool DefaultValidate = false;
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem)
{
long certProb = (long)certificateProblem;
if (certificateProblem == 0 || certProb == 0x800c010f)
{
return certificate.GetIssuerName().Equals("C=<country ID>, S=<state>, L=<location>, O=<office>, OU=<office unit>, CN=<host name>, E=email id") && request.RequestUri.Host.Equals(<host name>);

//The above string is available in control panel->IIS->Default website -> properties->Directory security->view certificate->Details -> Issuer
}
else
{
return false;
}
} // end CheckValidationResult



Regards,
Nikhil Kadu (niki_kadu@yahoo.co.in)
PICT
Pune

9/10/2004 6:41 PM by Nikhil Kadu

# re: System.Net: Consuming a WebService via HTTPS
Hi,

The above solution provided by Jan T. works great.
I moved up to VS2005 and the interface is obsoleted.

What the next way to go about this problem..?
Any hints.?

Many thanks,


IvoB

3/3/2006 6:28 PM by Ivo Bouwman

# re: System.Net: Consuming a WebService via HTTPS
Ivo: What error do you get if you do not use it ?

3/3/2006 9:02 PM by Anatoly Lubarsky

# re: System.Net: Consuming a WebService via HTTPS
Hi,

what should i pass for srvPoint,certificate,request and certificateProblem in

public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem)


Please Tell me..

regards,

shivaraj

6/5/2006 3:16 PM by shivaraj

# re: System.Net: Consuming a WebService via HTTPS
shivaraj: Nothing, just create instance of that class...

6/5/2006 7:31 PM by Anatoly Lubarsky

Login

Subscribe via RSS

Article Categories

.Net Framework
ASP.NET Tips
C# Win32 API
HTML, CSS, Web
Javascript Tips
MSSQL Tips
System
System.Net
WebServices

Archives

(02) January, 2018
(01) June, 2013
(03) March, 2013
(02) February, 2013
(01) July, 2012
(01) April, 2012
(01) September, 2011
(01) August, 2011
(03) May, 2011
(01) December, 2010
(01) November, 2010
(01) October, 2010
(01) June, 2010
(01) May, 2010
(02) March, 2010
(01) January, 2010
(02) December, 2009
(03) September, 2009
(03) August, 2009
(09) July, 2009
(04) June, 2009
(03) May, 2009
(02) April, 2009
(03) March, 2009
(02) February, 2009
(02) January, 2009
(04) December, 2008
(04) November, 2008
(05) October, 2008
(04) September, 2008
(05) August, 2008
(04) July, 2008
(05) June, 2008
(07) May, 2008
(04) April, 2008
(03) March, 2008
(02) February, 2008
(03) January, 2008
(03) December, 2007
(05) November, 2007
(04) October, 2007
(05) September, 2007
(12) August, 2007
(11) July, 2007
(14) June, 2007
(13) May, 2007
(13) April, 2007
(10) March, 2007
(11) February, 2007
(14) January, 2007
(14) December, 2006
(12) November, 2006
(08) October, 2006
(09) September, 2006
(06) August, 2006
(08) July, 2006
(10) June, 2006
(09) May, 2006
(22) April, 2006
(25) March, 2006
(12) February, 2006
(14) January, 2006
(19) December, 2005
(17) November, 2005
(16) October, 2005
(16) September, 2005
(12) August, 2005
(14) July, 2005
(09) June, 2005
(12) May, 2005
(12) April, 2005
(20) March, 2005
(11) February, 2005
(12) January, 2005
(18) December, 2004
(13) November, 2004
(12) October, 2004
(14) September, 2004
(09) August, 2004
(23) July, 2004
(19) June, 2004
(29) May, 2004
(19) April, 2004
(16) March, 2004
(09) February, 2004
(06) January, 2004
(02) December, 2003
(01) November, 2003

Post Categories

.Net and C#
Android
Antispam
App. Development
Architecture
ASP.NET
Blogging
Deprecated Projects
Facebook Platform
Fun
Google
iOS
Javascript
Misc.
MSSQL
Music
My Games
Performance
Roller
Social Networks
Tools
Visual Studio
Web 2.0
WebServices

About Me

linkedin Profile
Recs
Who am I

My Sites

Billy Beet
x2line blogs