Pranam SARAVANAN
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: 06 February 2013 5:30 PM To: [email protected] Subject: Mono-aspnet-list Digest, Vol 48, Issue 2 Send Mono-aspnet-list mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://lists.ximian.com/mailman/listinfo/mono-aspnet-list or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Mono-aspnet-list digest..." Today's Topics: 1. "No application found" errors from mod_mono (Richard Birkby) 2. Re: WebRequest POST with client certificate (Stefan Kadow) ---------------------------------------------------------------------- Message: 1 Date: Tue, 5 Feb 2013 14:52:47 +0000 From: Richard Birkby <[email protected]> To: [email protected] Subject: [Mono-aspnet-list] "No application found" errors from mod_mono Message-ID: <cao+vd0gmoq6z0rm3wnjrk3fqb5vmxkfoyq63xe+flpjtd5g...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Hi, I'm moving a website from a SheevaPlug appliance (Debian ARM) to a Raspberry Pi (Raspbian/Wheezy). Apache works fine, but whenever I make a request to a .aspx page, error.log gets an entry saying: [error] No application found for XXXX.aspx I believe I've configured everything in the same way as on the SheevaPlug (mod_mono_auto), but I can't get past this message. It looks like mod-mono-server4 has been started as it's in my process list, and I've also made sure the MonoServerPath is set correctly (as it seemed to default to mod-mono-server2). /tmp/mod_mono_server_global and /tmp/mod_mono_server_global_<number> both exist. Where can I look next? What other debugging options will help me drill down further? Thanks, Richard -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.ximian.com/pipermail/mono-aspnet-list/attachments/20130205/5ee 570ac/attachment-0001.html> ------------------------------ Message: 2 Date: Tue, 05 Feb 2013 17:44:28 +0100 From: Stefan Kadow <[email protected]> To: [email protected] Subject: Re: [Mono-aspnet-list] WebRequest POST with client certificate Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Now, I have a version which works with mono (2.6.7 and 2.10.8) on Linux and mono (2.10.9) on Windows, but not with .NET This time I used the SslStream-class for the HTTP-request. It is important to use a LocalCertificateSelectionCallback method, which will be called while the ssl-renegotiation! What I do not understand is the property sslStream.IsMutuallyAuthenticated, which will allways be false! The following code (HTTP "POST") runs successful on mono (Linux & Windows), but throws an excpection with .NET: static void postSslStream() { string hostname = "server.net"; byte[] contentBytes = Encoding.UTF8.GetBytes("<?xml version=\"1.0\" encoding=\"utf-8\"?><message/>"); StringBuilder headerSB = new StringBuilder(); headerSB.AppendLine("POST /mvc/contr/action HTTP/1.1"); headerSB.Append("Host: ").AppendLine(hostname); headerSB.AppendLine("Content-Type: text/xml; charset=utf-8"); headerSB.Append("Content-Length: ").Append(contentBytes.Length).AppendLine(); headerSB.AppendLine(); byte[] headerBytes = Encoding.UTF8.GetBytes(headerSB.ToString()); X509Certificate2Collection certColl = new X509Certificate2Collection(); certColl.Import("certfile.p12", string.Empty, X509KeyStorageFlags.DefaultKeySet); TcpClient client = new TcpClient(hostname, 443); try { using (SslStream sslStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(RemoteCertificateValidation), new LocalCertificateSelectionCallback(LocalCertificateSelection))) { sslStream.AuthenticateAsClient(hostname, certColl, System.Security.Authentication.SslProtocols.Tls, false); sslStream.Write(headerBytes); sslStream.Write(contentBytes); sslStream.Flush(); StreamReader reader = new StreamReader(sslStream); Console.WriteLine(reader.ReadToEnd()); } } finally { client.Close(); } } public static bool RemoteCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return (sslPolicyErrors == SslPolicyErrors.None); } public static X509Certificate LocalCertificateSelection(Object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers) { if (remoteCertificate.Issuer == localCertificates[0].Issuer) return localCertificates[0]; return null; } Am 14.01.2013 00:36, schrieb Stefan Kadow: > Hello, > I have a MVC2 web application running on Debian squeeze with Apache > 2.2.16, OpenSSL 0.9.8 and mono 2.6.7. I want to secure the access with > SSL client certificates, for identification and authorization. > > The client programm running on another machine uses the HttpWebRequest > class for accessing the server with HTTP methods "GET" and "POST". On > windows machines the client program runs fine using .NET 3.5. > On Linux machines the client program runs only with HTTP method "GET". > A WebRequest with HTTP method "POST" throws an exception. I tried the > following code on client machines with Debian squeeze (mono 2.6.7) and > Debian wheezy (mono 2.10.8). > > The following code (HTTP "GET") runs successful on Windows and Linux: > HttpWebRequest request = (HttpWebRequest) > WebRequest.Create("https://server.net/mvc/contr/action";); > > X509Certificate2Collection certColl = > new X509Certificate2Collection(); > certColl.Import("certfile.p12", "123", > X509KeyStorageFlags.Exportable); > request.ClientCertificates.AddRange(certColl); > > HttpWebResponse response = (HttpWebResponse)request.GetResponse(); > Console.WriteLine(response.StatusDescription); > > Stream responseStream = response.GetResponseStream(); StreamReader > reader = new StreamReader(responseStream); > Console.WriteLine(reader.ReadToEnd()); > > > The following code (HTTP "POST") runs successful on Windows, but > throws an excpection on Linux: > HttpWebRequest request = (HttpWebRequest) > WebRequest.Create("https://server.net/mvc/contr/action";); > > X509Certificate2Collection certColl = > new X509Certificate2Collection(); > certColl.Import("certfile.p12", "123", > X509KeyStorageFlags.Exportable); > request.ClientCertificates.AddRange(certColl); > > string postData = @"<?xml version=\"1.0\" encoding=\"utf-8\"?> > <message/>"; byte[] byteArray = Encoding.UTF8.GetBytes(postData); > request.Method = "POST"; request.ContentType = "text/xml"; > request.ContentLength = byteArray.Length; request.KeepAlive = false; > // needed for POST-requests(?) > > Stream requestStream = request.GetRequestStream(); > requestStream.Write(byteArray, 0, byteArray.Length); // exception > requestStream.Close(); > > HttpWebResponse response = (HttpWebResponse)request.GetResponse(); > Console.WriteLine(response.StatusDescription); > > Stream responseStream = response.GetResponseStream(); StreamReader > reader = new StreamReader(responseStream); > Console.WriteLine(reader.ReadToEnd()); > > > The exception thrown is: > System.Net.WebException: Error getting response stream (ReadDone1): > ReceiveFailure ---> System.IO.IOException: The authentication or > decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: > The authentication or decryption has failed. > > Apache error log lists: > [error] Re-negotiation handshake failed: Not accepted by client!? > > Apache configuration: > # mono.security needs old/insecure re-negotiation: > SSLInsecureRenegotiation on > <Directory /var/www/bin/mvc> > SSLVerifyClient require > SSLVerifyDepth 1 > SSLUserName SSL_CLIENT_S_DN_CN > SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate </Directory> > > The server certificate is signed by GeoTrust, the GeoTrust root > certificate is installed with certmgr.exe in Trust store. The > self-signed CA certificate, which signed the client certificates is > part of the pkcs12-file and additionally installed in Trust store, too. > But, the certificates can not be the problem, because the WebRequests > with HTTP method GET are running fine on Linux client machines. > _______________________________________________ > Mono-aspnet-list mailing list > [email protected] > http://lists.ximian.com/mailman/listinfo/mono-aspnet-list > > > ------------------------------ _______________________________________________ Mono-aspnet-list mailing list [email protected] http://lists.ximian.com/mailman/listinfo/mono-aspnet-list End of Mono-aspnet-list Digest, Vol 48, Issue 2 *********************************************** _______________________________________________ Mono-aspnet-list mailing list [email protected] http://lists.ximian.com/mailman/listinfo/mono-aspnet-list
