Thursday, December 4, 2003 10:51 AM Jan Tielens

Consuming Webservices over HTTPS (SSL)

When Webservices are used, a common concern is security: SOAP messages are transferred in plain text over the network, so anyone with a sniffer could intercept the SOAP message and read it. In my opinion this could happen also to binary data, but probably it requires a little bit more hacker skills. So a solution is to use HTTPS (SSL) instead of HTTP, so the communication is encrypted. To accomplish this, you need to get and install a certificate (issued by a Certificate Authority) on your webserver. In a production environment you would buy a certificate from Verisign or another well known CA, or you would install your own CA, which is a component of Windows Server. If you only want to play with HTTPS, SSL and certificates or your project is in the development phase, you can also generate a test certificate using the MakeCert.exe tool (included in the .NET Framework SDK). After that you have to add this certificate to a website in IIS, and set a port which HTTPS should use.

When you browse to a HTTPS site, you probably get a dialog window asking you if you want to trust the certificate provided by the webserver. So the responsibility of accepting the certificate is handled by the user. Let's get back to the webservice scenario, if you want to invoke a webservice located on a webserver which uses SSL and HTTPS there is a problem. When you make the call from code, there is no dialog window popping up, and asking if you trust the certificate (luckily because this would be pretty ugly in server-side scenarios); probably you'll get following exception:
An unhandled exception of type 'System.Net.WebException' occurred in system.dll

Additional information: The underlying connection was closed: Could not establish trust relationship with remote server.

But there is a solution for this problem, you can solve this in your code by creating your own CertificatePolicy class (which implements the ICertificatePolicy interface). In this class you will have to write your own CheckValidationResult function that has to return true or false, like you would press yes or no in the dialog window. For development purposes I've created the following class which accepts all certificates, so you won't get the nasty WebException anymore:
public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
 public TrustAllCertificatePolicy()
 {}

 public bool CheckValidationResult(ServicePoint sp,
  X509Certificate cert,WebRequest req, int problem)
 {
  return true;
 }
}

As you can see the CheckValidationResult function always returns true, so all certificates will be trusted. If you want to make this class a little bit more secure, you can add additional checks using the X509Certificate parameter for example. To use this CertificatePolicy, you'll have to tell the ServicePointManager to use it:
System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
This must be done (one time during the application life cycle) before making the call to your webservice.

Comments

# re: Consuming Webservices over HTTPS (SSL)

Monday, December 8, 2003 3:19 PM by Eran

can you give mo details

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, December 9, 2003 4:03 PM by Jan

What kind of details are you looking for??

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, December 10, 2003 11:20 AM by cristina

Sorry, but I try your solution and it doesn´t work.

Do you know what can be happening?

My code is:
public __gc class MyCertificateValidation : public ICertificatePolicy
{
public:

bool CheckValidationResult(ServicePoint* , X509Certificate* ,
WebRequest* request, int problem)
{
return true;
};
};


System::Net::ServicePointManager::CertificatePolicy = new MyCertificateValidation();

HttpWebRequest* wrq = static_cast<HttpWebRequest*> (WebRequest::Create(url));

HttpWebResponse* hwr = static_cast<HttpWebResponse*>(wrq->GetResponse());
Stream* strm = hwr->GetResponseStream();
FileStream* fs = new FileStream(fpath,FileMode::Create,FileAccess::Write);
BinaryWriter* br = new BinaryWriter(fs);
int b;
while((b=strm->ReadByte()) != -1)
{
br->Write(Convert::ToByte(b));
}
br->Close();
strm->Close();

# re: Consuming Webservices over HTTPS (SSL)

Sunday, December 14, 2003 8:17 AM by John



Hi,

Your blog contains good info. Keep it up.

# re: Consuming Webservices over HTTPS (SSL)

Monday, January 5, 2004 10:43 AM by kinsley

I've been trying to use the webservices over SSL and have also been having problems. I only get a problem when I do an iisreset and don't use the webservice straight away. If I start up another site (or if another site gets used before the webservice is called) then the webservice fails with either a proxy authentication error 407 (behind proxy on the development machine) or a "Could not establish secure channel for SSL/TLS" on the external server.
I'm using .net 1.0 sp2 with C# and I have an internal webservice calling an external webservice over SSL. The webservice works fine for the most part but it obviously a problem if it happens at all. And I've also tried creating a test certificate and getting the same error with that. Many thanks

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, January 6, 2004 11:22 AM by Jan Tielens

Mmm, I don't know what could be the problem... I suggest you post your question in the IIS or ASP.NET newsgroup.

# re: Consuming Webservices over HTTPS (SSL)

Thursday, January 15, 2004 10:11 AM by Brad

I have been getting a "Could not establish secure channel for SSL/TLS" error, as well. The interesting thing is that it only happens on an XP machine running the client app. I install and run the same web service client on my 2000 Pro machine with no problem. The web service is hosted on a 2000/IIS5 machine.

We are using a proxy server but both machines access the same one.

Has anyone found a solution to this? Thanks.

# re: Consuming Webservices over HTTPS (SSL)

Friday, January 16, 2004 5:09 PM by bob

I used this with a WebClient that wasn't accepting a certificate and it worked fine. Great blog!!!

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, February 3, 2004 1:02 PM by Josh

Do you have this code in VB somewhere? We're using VB.Net for our ASP.Net pages and I can't get a decent conversion for this

# re: Consuming Webservices over HTTPS (SSL)

Thursday, February 19, 2004 6:42 PM by Mark

This post was very helpful! Thanks!

# re: Consuming Webservices over HTTPS (SSL)

Saturday, February 28, 2004 3:17 PM by Jan

Larry, yes my solution is for .NET. I don't know how to accomplish this in VB6...

# re: Consuming Webservices over HTTPS (SSL)

Monday, March 1, 2004 12:59 PM by Andrea

I am developing a client that consumes a webservice over https.
The web server is set up to require client certificate.
how should I select the client certificate and provide it to the webservice
?

Thanks
Andrea

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, March 2, 2004 1:33 AM by Jan

You can use the ClientCertificates.Add method of the proxy class.

# re: Consuming Webservices over HTTPS (SSL)

Sunday, March 14, 2004 5:57 AM by qqq

Very good! solved my problem

# re: Consuming Webservices over HTTPS (SSL)

Thursday, March 18, 2004 5:19 PM by Niels

Yes, works like a charm! For that one webservice that you want secured but no want to pay $400 dollar for every year.

Like a charm! Thanks!

# re: Consuming Webservices over HTTPS (SSL)

Saturday, March 27, 2004 9:46 PM by Milton

With C# this work beatifull, but i need something like this in FoxPro 8, some body can help me??

# re: Consuming Webservices over HTTPS (SSL)

Friday, April 9, 2004 3:20 PM by Rico

Well anyone out their interested in a consulting job because we could sure use some help with the webservices client we have to design.

This is what I need. A form that consumes a .NET Webservice. Let me explain: We have a page with Wireless Service Providers, once an agent selects a Service Provider it will take them to another page that displays the PINs denomination choices. Once the agent chooses what PIN denomination the customer wants, it calls the webservice using the PG_GetPin procedure to request a single PIN by product SKU, the system will reply with a PIN on a confirmation page and our SQL Server 'CCS_Wireless' table is updated. The company has provided the guidelines for developing the project but I don't have a clue where to start.

Can anyone help? Supposedly, it is simple but when you have no experience it doesn't look that simple. Please email me at ceo@sc.rr.com.

Thanks for any assistance.

# re: Consuming Webservices over HTTPS (SSL)

Thursday, April 22, 2004 3:30 PM by Max

Does anyone have the solution for the C++.
pSoapClient->MSSoapInit2(
_variant_t(g_bsWSDLFile),
_T(""),
g_bsSoapService,
g_bsSoapPort,
g_bsSoapNamespace);

this call fails when g_bsWSDLFile is "https://.../.../x.jws?wsdl"

its successful when g_bsWSDLFile is "http://.../.../a.jws?wsdl"

I tried to use the ConnectorProperty of "UseSSL" but that's possible only after my initialization succeeds.

Any help is greatly appreciated. Thanks

# re: Consuming Webservices over HTTPS (SSL)

Friday, April 30, 2004 11:15 AM by Ian

We just started getting this problem talking to a partners webservice.

We had a problem with our own webservice with keep-alives - where load balancers would interfere with the keepalive and hose the connection.

Could this be another form of the keepalive problem?

# re: Consuming Webservices over HTTPS (SSL)

Monday, May 10, 2004 9:44 AM by Thore

Hi all!

I'd like to solve exactly the same problem. But whatever I try it doesn't work.

I am trying to read a webpage using the HttpWebRequest methods. When the URL is not secured (http://) it works fine, using the HTTPS protocol I get the

"The underlying connection was closed: Could not establish trust relationship with remote server."

error.

I implemented the class TrustAllCertificatePolicy like shown here. But also this did not help... Is there anyone with another idea?



# re: Consuming Webservices over HTTPS (SSL)

Friday, May 14, 2004 10:17 AM by Dan

I have a problem when trying to using:

xmlhttp.setRequestHeader( "Content-Type", "application/x-www-form-urlencoded" );

If I try to attach a french character ie ç. The server can't seem to understand it.

Please Help!

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, June 1, 2004 10:45 AM by Laurent

The web server is set up to require client certificate.
How should I select the client certificate and provide it to the webservice ?

With C# ou VB.NET this work beatifull, but i need something like this in FoxPro 6 or 8 or VB6 , some body can help me please??

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, June 2, 2004 4:23 PM by Manish

To: Jan (the blog owner)

Thanks a ton!!!

Your solution saved my a**!
For the last 2 days, I have been banging my head against the wall and my problem was "exactly" the same as the post attempts to solve. This was a perfect, natural fit for my problem.

As soon as I implemented the ICertificatePolicy interface and used the ServicePointManager class, the certificate issue went away. None of this is easy to glean from the MSDN documentation.

I am sure that even a couple years from now, there will be folks who will find this info. useful.

Thanks again.

# Consuming , adding webreference to Webservices over HTTPS (SSL)

Thursday, June 10, 2004 1:10 AM by Ramki

I could not all a web reference using Visual Studio.NET to a webservice running in SSL. Iam getting an error stating
"The proxy settings on this computer are not configured correctly for web discovery. Click the Help button for more information."

Can someone tell me the steps for adding webreference a Webservice running in SSL.

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, June 22, 2004 10:26 AM by stewart bourke

I have added the following class to my code for consuming a webservice (I added it to the form1.cs). I
want to be able to accept all certificates for testing etc..

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
public TrustAllCertificatePolicy()
{}

public bool CheckValidationResult(ServicePoint sp,
X509Certificate cert,WebRequest req, int problem)
{
return true;
}
}

However, when I try to build the application, I get the build error:

'TrustAllCertificatePolicy' does not implement interface member
'System.Net.ICertificatePolicy.CheckValidationResult(System.Net.ServicePoint
, System.Security.Cryptography.X509Certificates.X509Certificate,
System.Net.WebRequest, int)'

# re: Consuming Webservices over HTTPS (SSL)

Monday, July 12, 2004 10:59 PM by Jerry Shea

thanks very much for the tip, Jan

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, July 13, 2004 1:27 PM by Patricio

Hello everybody

i have the following code to access an application via https:

---------------------------------------------
System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

httpWebRequest = (HttpWebRequest)WebRequest.Create(url);

X509Certificate cer = X509Certificate.CreateFromCertFile(@"c:\CertificadoCliente.cer");

httpWebRequest.ClientCertificates.Add(cer);
httpWebRequest.Method = "POST";
httpWebRequest.ContentLength = stringPost.Length;

streamWriter = new StreamWriter(httpWebRequest.GetRequestStream());

streamWriter.Write(stringPost);
streamWriter.Close();

HttpWebResponse httpWebResponse = (HttpWebResponse)httpWebRequest.GetResponse();
StreamReader streamReader = new StreamReader(httpWebResponse.GetResponseStream());
respuesta = streamReader.ReadToEnd();
streamReader.Close();
---------------------------------------------

Although the connection is created (i think the certificates are correctly installed), i got an exception when i try to close the streamWriter:

"Cannot access a disposed object named \"System.Net.TlsStream\"."

As you can see i have created the TrustAllCertificatePolicy class, but i still get that exception. Could anyone help me?

Thanks in advance. Patricio.

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, July 13, 2004 7:16 PM by .Net Newb

Very helpful. Thanks so much!

# re: Consuming Webservices over HTTPS (SSL)

Thursday, July 15, 2004 5:50 AM by Patricio

I have found the solution by myself, the problem was that i have the client certificate installed only for the machine account. I have also installed it for the current user and now all it´s working fine.

Thanks a lot.

Patricio

# re: Consuming Webservices over HTTPS (SSL)

Friday, August 6, 2004 2:19 PM by Asaf

Hi,

When using "System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();"

Is there a need to call to CheckValidationResult function? If yes where in the code? Because there is no call to this function from your example.

Does it works for SSL HTTP POST?

Thanks,
Asaf

# It does not work!

Friday, August 6, 2004 2:54 PM by Asaf

Hi,

When doing HTTP POST to SSL I a getting
Cannot access a disposed object named "System.Net.TlsStream".
Object name: "System.Net.TlsStream".

Is there a way to solve this?

Asaf

# re: Consuming Webservices over HTTPS (SSL)

Thursday, May 25, 2006 7:33 AM by Moritz

Thanks, for this information! It was very helpful!

Here's the .NET 2.0 version:

       public static bool TrustAllCertificateCallback(object sender,
           X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
       {
           return true;
       }

The following line needs to be called once before the web service is accessed (for example in main or the constructor of your main object):
           ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificateCallback;

# re: Consuming Webservices over HTTPS (SSL)

Monday, May 29, 2006 10:51 AM by guostong

It works in management envirorment, but how to handle it in umanagement envirorment with c++

# re: Consuming Webservices over HTTPS (SSL)

Monday, June 5, 2006 8:43 AM by shivaraj

Dear All,

Please tell me .. what should i pass for

sp,cert,req and problem in

public bool CheckValidationResult(ServicePoint sp,
X509Certificate cert,WebRequest req, int problem)

regards,

shivaraj

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, June 7, 2006 4:19 PM by Ramond

hi, after "System.Net.ServicePointManager.CertificatePolicy = New MyCertificateValidation" (i am using vb.net2003), do i need to call the function CheckValidationResult()?
If yes, what are the actual parameters to pass?

I am still the error

[EntryPointNotFoundException: ?]
  System.Net.NativeNTSSPI.EnumerateSecurityPackagesW(Int32& pkgnum, IntPtr& arrayptr) +0
  System.Net.SSPISecureChannelType.EnumerateSecurityPackages(Int32& pkgnum, IntPtr& arrayptr)
  System.Net.SSPIWrapper.EnumerateSecurityPackages(SSPIInterface SecModule)
  System.Net.SSPIWrapper.GetSupportedSecurityPackages(SSPIInterface SecModule)
  System.Net.SecureChannel..cctor()

[TypeInitializationException: The type initializer for "System.Net.SecureChannel" threw an exception.]
  System.Net.SecureChannel..ctor(String hostname, X509CertificateCollection clientCertificates) +0
  System.Net.TlsStream.Handshake(ProtocolToken message)

[WebException: The underlying connection was closed: Could not establish secure channel for SSL/TLS.]
  System.Net.HttpWebRequest.CheckFinalStatus()
  System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
  System.Net.HttpWebRequest.GetRequestStream()
  System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
  TP.CisMis.Opal.Web.ProvideLetterProxy.ProvideLetter.MyInitialize(String a, String b, String c, String d, String e) in C:\_MyDocs\Opal\OpalSoln\Web\Web References\ProvideLetterProxy\Reference.vb:83
  TP.CisMis.Opal.Web.Login.btnSignIn_Click(Object sender, EventArgs e) in C:\_MyDocs\Opal\OpalSoln\Web\Login.aspx.vb:114
  System.Web.UI.WebControls.Button.OnClick(EventArgs e)
  System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
  System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
  System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
  System.Web.UI.Page.ProcessRequestMain()

# re: Consuming Webservices over HTTPS (SSL)

Monday, June 12, 2006 9:04 AM by Rick

Thanks for a very useful post.

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, June 21, 2006 5:23 AM by Jorge

Moritz, do you have any idea of how to do the same in .NET Compact Framework 2.0?
In CF 2.0 the property CertificatePolicy of ServicePointManager is obsolete, and the ServerCertificateValidationCallback is supported in .NET Framework 2.0 but not in .NET Compact Framework 2.0.

Any idea of how resolve the problem?

Thanks in advance.
Jorge.

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, June 21, 2006 7:39 PM by Dave

Thank you.  Both the original version of the code in the post and the .NET 2.0 version work great.  I am supporting both .NET 2003 and .NET 2005 so I needed both.

# re: Consuming Webservices over HTTPS (SSL)

Monday, June 26, 2006 5:54 AM by Tim

Your post proved very useful.

Thanks!

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, June 27, 2006 5:34 AM by Subhadip

How to call
public bool CheckValidationResult(System.Net.ServicePoint srvPoint, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Net.WebRequest request, int certificateProblem) ?
How and what to pass as srvPoint, certificate, request, certificateProblem?
Please inform on this

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, July 4, 2006 8:06 AM by dirt cheap tickets

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, July 5, 2006 12:50 AM by ativan

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, July 5, 2006 9:32 AM by dirt cheap tickets

# re: Consuming Webservices over HTTPS (SSL)

Thursday, July 6, 2006 12:31 PM by Andrew

Hi, I've tried this and it does seem to remove the webexception about server trust as mentioned, except I now get something new, it now returns:

System.Net.WebException: The request failed with the error message: -- <HTML><BODY>Redirecting...</BODY></HTML>

Any ideas?

# re: Consuming Webservices over HTTPS (SSL)

Friday, July 7, 2006 5:57 PM by cheap flight

# re: Consuming Webservices over HTTPS (SSL)

Friday, July 7, 2006 5:58 PM by cheap airline tickets

# re: Consuming Webservices over HTTPS (SSL)

Saturday, July 8, 2006 4:37 AM by cheap airfare

# re: Consuming Webservices over HTTPS (SSL)

Saturday, July 8, 2006 2:22 PM by dirt cheap airline tickets

# re: Consuming Webservices over HTTPS (SSL)

Saturday, July 8, 2006 2:47 PM by cheep tickets

# re: Consuming Webservices over HTTPS (SSL)

Saturday, July 8, 2006 6:17 PM by flight las vegas

# re: Consuming Webservices over HTTPS (SSL)

Saturday, July 8, 2006 6:17 PM by cheap ticket

# re: Consuming Webservices over HTTPS (SSL)

Sunday, July 9, 2006 2:35 PM by cheap tickets russia

# re: Consuming Webservices over HTTPS (SSL)

Sunday, July 9, 2006 2:36 PM by cheap airfare

# re: Consuming Webservices over HTTPS (SSL)

Monday, July 10, 2006 11:30 AM by cheap flight

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, July 11, 2006 3:58 AM by handbag

<a href="http://replica-handbag.coz.in">replica">http://replica-handbag.coz.in">replica handbag</a>

[url=http://replica-handbag.coz.in]replica handbag[/url]

# re: Consuming Webservices over HTTPS (SSL)

Saturday, July 15, 2006 3:08 AM by sunglasses

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, August 9, 2006 4:49 PM by RandomSolutions

For the record, this is how you do it in .Net 2.0

   Private callback As New System.Net.Security.RemoteCertificateValidationCallback(AddressOf RemoteCertificateValidationCallback)

   Private Function RemoteCertificateValidationCallback(ByVal sender As Object, ByVal cert As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean

       Return True

   End Function

System.Net.ServicePointManager.ServerCertificateValidationCallback = callback

# re: Consuming Webservices over HTTPS (SSL)

Saturday, August 12, 2006 6:10 PM by Manish

Thanks that helps. Just a note that in .NET 2.0 System.Net.ServicePointManager.CertificatePolicy is obsolete and instead, you are expected to define the ServicePointManager.ServerCertificateValidationCallback callback method to do the same thing. This callback has the same signature as ICertificatePolicy.CheckValidationResult, but with the use of parameter-less anonymous methods, you can simply do the following to achieve the same result:

System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, August 16, 2006 10:48 PM by wangyong

This post was very helpful! Thank you very much!

# re: Consuming Webservices over HTTPS (SSL)

Thursday, August 17, 2006 8:20 AM by Rony

Hi,

I am trying to download a file from ssl protected link , with WebRequest.

I tried to use your class but the stream that i am geting is empty.

Can you tell me please if i am doing something wrong?

The Code :

ServicePointManager.CertificatePolicy = new  TrustAllCertificatePolicy();

HttpWebRequest webRequest1 = WebRequest.Create(d) as HttpWebRequest;

webRequest1.KeepAlive = true;

webRequest1.CookieContainer = cookies;

webRequest1.Accept = "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";

webRequest1.Headers.Set("Accept-Language", "en-us,en;q=0.5");

webRequest1.Headers.Set("Accept-Encoding", "gzip,deflate");

webRequest1.Headers.Set("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7");

webRequest1.Headers.Set("Keep-Alive", "300");

WebResponse myResponse1 = webRequest1.GetResponse();

Stream ReceiveStream1 = myResponse1.GetResponseStream();

SaveStreamToFile(@"C:\file.csv", ReceiveStream1);

Thanks,Rony

# re: Consuming Webservices over HTTPS (SSL)

Thursday, August 17, 2006 8:32 PM by cheapflightti

# re: Consuming Webservices over HTTPS (SSL)

Friday, September 8, 2006 10:29 AM by wolftooth

Thanks very much ! 非常感谢!

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, September 27, 2006 4:53 PM by Kwang

works great. Thanks~

# re: Consuming Webservices over HTTPS (SSL)

Thursday, September 28, 2006 6:37 AM by Mahesh Sase

Hey, Great work man...

I just copied it and it worked !

# re: Consuming Webservices over HTTPS (SSL)

Monday, October 16, 2006 9:31 AM by uschi

works great ... thanks 4 solving that problem

# re: Consuming Webservices over HTTPS (SSL)

Thursday, November 9, 2006 8:27 PM by John

Manish was right.   A few years later and this blog post is still helping.

Thanks Jan.  It really did work.

And besides, you can do you're own code inside of the CheckValidationResult method, instead of simply returning 'True'.

# re: Consuming Webservices over HTTPS (SSL)

Friday, November 10, 2006 8:58 AM by burrist

The posted code works great, my question is about selecting the ClientCertificate that should be put into the request.  I have a windows application that uses many Web Services that use SSL. Is there a way i can make the Internet Explorer Certificate selection box popup so the user can choose the certificate they want to use?  I wrote my own dialog box which shows all the certificates in the user's Personal store, and they can choose which one to use from that.  The problem with my own dialog box is that, unlike IE, I don't know how to filter out which certificates are not valid based on the certificate the server is using.  So my dialog box might have 4 Certificates listed in it, but only 2 will work for the server.  I don't know what logic IE uses to eliminate the others.  I would have thought that the server Cert and the client cert would have to have identical CA's but that does not appear to be the case.  So I either need the logic that should be used, or more preferably, i'd like to show the dialog box that IE shows so that they can select their cert from there. can you help?

# re: Consuming Webservices over HTTPS (SSL)

Monday, January 8, 2007 12:34 AM by Rick Knight

Thanks heaps, - just what I was looking for :)

# re: Consuming Webservices over HTTPS (SSL)

Thursday, January 25, 2007 11:55 AM by Michael Knudsen

1000 Thanks. This was just what I was searching for

# re: Consuming Webservices over HTTPS (SSL)

Thursday, February 1, 2007 2:54 PM by Rizwan Merchant.

Thanks a lot. This was a good solution to the problems we faced.

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, February 7, 2007 6:13 AM by Lifesaver

This certificatePolicy overriding was such a lifesaver here at the corp. Thanks a zillion!

Jorge Silva,

PG Stream.

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, February 13, 2007 5:16 PM by aku@zenona.net

Happy bear wanna fear

# re: Consuming Webservices over HTTPS (SSL)

Thursday, February 22, 2007 3:13 PM by Gardner Roe

Implemented this with no problems... Thanks!  

I encountered this problem when working with a 3rd party dev environment and conditionally set the certificate policy based on the #if DEBUG directive so I wouldn't have to worry about it when moving to production.

I appreciate the tip!

- g  

# re: Consuming Webservices over HTTPS (SSL)

Friday, February 23, 2007 8:48 AM by Virendra Jhala

Hi,

I am facing a problem with SSL on my website. My solution is divided in three part. 1. One web application and 2. Two Web Services(Business and Data web services).

Webapplication is hosted on one machine and two web services are hosted on another machine.

I installed the certificate on the Web Application machine only.

When I am browsing my website I am getting follwing exception in my log file but my pages are displayed properly without any problem.

"the underlying connection was closed. could not establish trust relationship for the SLL/TLS secure channel"

Can anyone help me?

Regards,

Virendra Jhala

# re: Consuming Webservices over HTTPS (SSL)

Sunday, February 25, 2007 8:09 PM by ow@newyear.com

Brunettes vs blondies, who is more clever?

# re: Consuming Webservices over HTTPS (SSL)

Monday, February 26, 2007 10:18 PM by Reno

Hi,

I am trying to create a class (which accepts all certs) like so in VB.NET:

Public Class CertificatePolicy

   Implements System.Net.ICertificatePolicy

   Public Sub New()

   End Sub

   Public Function CheckValidationResult(ByVal sp As System.Net.ServicePoint, ByVal cert As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal req As System.Net.WebRequest, ByVal problem As Integer) As Boolean

       Return True

   End Function

End Class

I am getting a compile time error:

Class 'CertificatePolicy' must implement 'Function CheckValidationResult(srvPoint As ServicePoint, certificate As Security.Cryptography.X509Certificates.X509Certificate, request As WebRequest, certificateProblem As Integer) As Boolean' for interface 'System.Net.ICertificatePolicy'.

If anyone has any idea please let me know,

Cheers.

# re: Consuming Webservices over HTTPS (SSL)

Monday, March 5, 2007 9:23 PM by Jas

Reno :

Try changing the Class name to something like MyCertificateValidation instead of CertificatePolicy

Hopefully that will fix it.

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, March 6, 2007 2:56 AM by ...

luogo interessante, soddisfare interessante, buon!

# re: Consuming Webservices over HTTPS (SSL)

Saturday, March 10, 2007 11:49 PM by ...

Luogo molto buon:) Buona fortuna!

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, April 25, 2007 6:44 AM by Hi Sam! Photos i send on e-mail. Green,Green

Hi Sam! Photos i send on e-mail.

Green,Hi Sam! Photos i send on e-mail.

Green

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, April 25, 2007 5:04 PM by Ruth

Hi there, i have a problem a have to consume a webservice located on a webserver which uses SSL and HTTPS and I do not what to do, please could you help me!

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, July 18, 2007 8:06 AM by Aaron Forman

should look like this in VB:

Public Class MyCertificateValidation

   Implements ICertificatePolicy

   ' Default policy for certificate validation.

   Public Shared DefaultValidate As Boolean = False

   Public Function CheckValidationResult(ByVal srvPoint As ServicePoint, _

   ByVal cert As X509Certificate, ByVal request As WebRequest, ByVal problem As Integer) _

      As Boolean Implements ICertificatePolicy.CheckValidationResult

       Return True

   End Function

End Class

then to make the call:

       ServicePointManager.CertificatePolicy = New MyCertificateValidation

# re: Consuming Webservices over HTTPS (SSL)

Friday, July 20, 2007 4:48 PM by Harvey

Very interisting thead, but I have an additional problem, I want to call a web service (over HTTPS) from a UserControl from within IE. In this case the following call  fails :

       System.Net.ServicePointManager.ServerCertificateValidationCallback = RemoteCertificateValidationCallback;

I get a :

+ ex {"Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."} System.Exception {System.Security.SecurityException}

Does someone have an idea ?

# re: Consuming Webservices over HTTPS (SSL)

Monday, August 20, 2007 11:58 PM by Denny

The code doesn't look right.

Here's how the callback stuff works in VB --

   Private Function AcceptAllCerts( _

   ByVal sender As Object, _

   ByVal cert As Security.Cryptography.X509Certificates.X509Certificate, _

   ByVal chain As Security.Cryptography.X509Certificates.X509Chain, _

   ByVal SslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean

       Return True

   End Function

Elsewhere in the code...

System.Net.ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf AcceptAllCerts)

# re: Consuming Webservices over HTTPS (SSL)

Saturday, August 25, 2007 3:00 AM by Aguilar

I have developed a web service that call another web service which need a SSL connection.

I use the wizard in Visual Studio 2006

Therefore I pass, to be able to connect, I pass credential and certificate

All ok.

I see the functions of the called webservice, but the error that I get is:

The request was aborted: Could not create SSL/TLS secure channel.

How I can resolve the problem?

Tanks

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, September 11, 2007 7:45 AM by Nouman Khalid

it worked beautifully. keep it up. good info.

# re: Consuming Webservices over HTTPS (SSL)

Friday, September 21, 2007 1:32 PM by Robert

High Five to you.

Thanks - this saved a lot of troubleshooting time for me!

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, October 3, 2007 12:13 AM by mehdi

Thanks! Great Forum!!!

# re: Consuming Webservices over HTTPS (SSL)

Tuesday, October 16, 2007 10:40 AM by Thank you a lot!

Thanks a lot, this forum is very helpful!

# re: Consuming Webservices over HTTPS (SSL)

Thursday, October 25, 2007 11:34 AM by JasonN

Exactly what we were looking for! Thanks!

# re: Consuming Webservices over HTTPS (SSL)

Sunday, November 4, 2007 12:31 PM by SKK

System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

Just add this string to your code and you wiill not need to redefine CertificatePolicy class ...

# re: Consuming Webservices over HTTPS (SSL)

Monday, November 19, 2007 10:48 AM by Nishant

Hi,

    I face a problem while adding web reference to a web service  hosted on a secure server ( https:// ).

    When I try to add reference from this URL i get a error which reads as follows:-

Unable to download following files.

https://.................?wsdl

Do you want to skip these files and continue?

If I continue with it then the reference is added but the wsdl and the reference.cs which get added automatically are not available.

Those are the ones which I need to modify and put the soap authentication code in.

I have to put something generic because I work on local machine but my code will be put on some other machine for execution so local changes won't solve my problem.

Can anyone help please?

# re: Consuming Webservices over HTTPS (SSL)

Thursday, November 29, 2007 9:18 PM by Hugely Grateful

Moritz's solution seems to be working.

Thank you all for pitching solutions to this!

# re: Consuming Webservices over HTTPS (SSL)

Friday, December 7, 2007 7:07 AM by Zahir Khan

WOW....... This one is perfect.... I got my problem resolved.... The biggest thing is this was the first webservice of my life and I put it on SSL with the help of this :)

Damn good man :)

# re: Consuming Webservices over HTTPS (SSL)

Friday, December 7, 2007 1:52 PM by Brian

OK, I've implemented the callback delegate which is supposed to validate the certificate (and seemingly does for many here)

ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)

{return true;};

Problem is, the callback is never invoked. And the end result is the same "The ServicePointManager does not support proxies of https scheme"

Any ideas?

# re: Consuming Webservices over HTTPS (SSL)

Wednesday, December 12, 2007 10:57 AM by Jason

Great tip! I have a very controlled setup and I know the SSL site I'm downloading from is always trustable, and certificates suddenly became an issue. This nicely fixed that, thanks!