I need to send a client certificate over HTTPS to a URL to authenticate
against some data which I am POSTing.
It seems like I just can't get the client certificate to be sent over the
channel.

This is the code I'm using; it's been hacked a fair bit to just try to get
it working.

----------

            // Verbatim string so the backslashes in the path are not read as escapes.
            pathToCertificate = @"C:\blah\blah\mycertificate.cer";
            System.Net.HttpWebRequest webRequest =
                (System.Net.HttpWebRequest)System.Net.HttpWebRequest.Create(requestUri);

            webRequest.Method = "POST";
            webRequest.ContentLength = contentLength;
            webRequest.ContentType = contentType;

            // Write the POST body to the request stream.
            if (requestData != null && contentLength > 0)
            {
                webRequest.GetRequestStream().Write(requestData, 0, contentLength);
            }

            // Attach the client certificate loaded from the .cer file.
            if (clientCertificates.Count > 0)
            {
                webRequest.Credentials = CredentialCache.DefaultCredentials;
                webRequest.PreAuthenticate = true;
                webRequest.ClientCertificates.Add(new X509Certificate2(pathToCertificate));

                System.Net.ServicePointManager.ServerCertificateValidationCallback +=
                    delegate(object sender,
                             System.Security.Cryptography.X509Certificates.X509Certificate certificate,
                             System.Security.Cryptography.X509Certificates.X509Chain chain,
                             System.Net.Security.SslPolicyErrors sslPolicyErrors)
                {
                    return true; // **** Always accept
                };
            }

            System.Net.HttpWebResponse webResponse =
                (System.Net.HttpWebResponse)webRequest.GetResponse();

---------------

Using Fiddler it looks like it doesn't send the client certificate!
This is what Fiddler outputs:


CONNECT http://<endpoint>:443 HTTP/1.1
Host: <endpoint>
Proxy-Connection: Keep-Alive

HTTP/1.1 200 DecryptTunnel Established
Timestamp: 18:32:34:7696
FiddlerGateway: Direct

This is a HTTPS CONNECT Tunnel. Secure traffic flows through this
connection.

Secure Protocol: Tls
Cipher: Rc4 128bits
Hash Algorithm: Md5 128bits
Key Exchange: RsaKeyX 1024bits

== Client Certificate ==========
None.

== Server Certificate ==========
<Removed from email>

POST https://<endpoint> HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: <endpoint>
Content-Length: 129
Expect: 100-continue

<MyPostData>

HTTP/1.0 403 Forbidden
Server: <EndServer>/1.1
Connection: Keep-Alive
Content-Length: 33

Error 403: Missing authentication




HELP! 

Regards,

Michael Lyons
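
Added example, not part of the original post: a sketch of the same POST with the client certificate loaded together with its private key (a `.cer` file carries only the public certificate) and attached before `GetRequestStream()`, the call that opens the connection and runs the TLS handshake. The class and method names, the endpoint URL, the `.pfx` path and the password are hypothetical placeholders.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ClientCertPost
{
    // Hypothetical helper: POSTs body to requestUri with TLS client-certificate authentication.
    public static string Post(Uri requestUri, byte[] body, string contentType,
                              string pfxPath, string pfxPassword)
    {
        // The handshake must prove possession of the private key, so load a
        // PKCS#12 (.pfx) file (or a certificate-store entry), not a bare .cer.
        var clientCert = new X509Certificate2(pfxPath, pfxPassword);
        if (!clientCert.HasPrivateKey)
            throw new InvalidOperationException("Client certificate has no private key.");

        var request = (HttpWebRequest)WebRequest.Create(requestUri);
        request.Method = "POST";
        request.ContentType = contentType;
        request.ContentLength = body.Length;

        // Attach the certificate before the connection is opened.
        request.ClientCertificates.Add(clientCert);

        // No ServerCertificateValidationCallback is installed here, so the default
        // chain and host-name validation of the server certificate stays in force.
        using (Stream stream = request.GetRequestStream())
            stream.Write(body, 0, body.Length);

        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
            return reader.ReadToEnd();
    }

    static void Main()
    {
        // Constructed sample values (placeholders, not from the original post).
        byte[] body = Encoding.UTF8.GetBytes("key=value");
        string reply = Post(new Uri("https://endpoint.example/"), body,
            "application/x-www-form-urlencoded",
            @"C:\certs\client.pfx", "pfx-password-placeholder");
        Console.WriteLine(reply);
    }
}
```

When Fiddler is decrypting HTTPS (the `DecryptTunnel` line in the trace), it makes its own handshake to the server, so confirm the result with decryption turned off or from the server's logs.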
