
WebRequest to non-trusted server


Jan Zich

7 Oct 2002 07:28:00
Hello,

I'm trying to connect from aspx to another server using the class
WebRequest. But I'm still getting the following error:

---------------
System.Net.WebException: The underlying connection was closed: Could not
establish trust relationship with remote server.
---------------

I understand it - the server is not really trusted, or, precisely, its root
cert. authority is not trusted. If I try the same request myself from
Internet Explorer, the standard warning message appears, which informs me
that the server is not trusted and asks whether I want to continue. If I install the
certificate of its root authority, everything works fine in Internet
Explorer.

Can anybody help me, how can I install or supply the certificate of root
authority of the server to ASP.NET or .NET Framework or aspnet_wp user or
whatever during the request? Or, how can I modify the CTL list, which is
used by classes like WebRequest?

Thanks
Jan Zich


Bill Cheng (MS)

8 Oct 2002 07:37:01
Hi Jan,

Installing the cert via IE places it in the current user’s certificate
store. It doesn't make the certificate accessible to other users on the
machine, such as the ASP.NET machine account.

To solve it, install the certificate in the local computer’s certificate
store using the Certificates MMC snap-in.

The other workaround (should be used cautiously) is to create your own
certificate policy and set the ServicePointManager to use that instead of
the default.

For example:

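    // Needs: using System.Net;
    //        using System.Security.Cryptography.X509Certificates;

    // Replace the default policy once, before the first request is made.
    ServicePointManager.CertificatePolicy = new MyCertificatePolicy();

    public class MyCertificatePolicy : ICertificatePolicy
    {
        public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
                                          WebRequest request, int problem)
        {
            // Accepts every certificate, whatever the validation problem was.
            return true;
        }
    }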

Hope it helps.


This posting is provided "AS IS" with no warranties, and confers no rights.

Regards,

Bill Cheng
Microsoft Support Engineer

Jan Zich

9 Oct 2002 20:13:27
Thank you very much, it helps a lot.

"Bill Cheng (MS)" <bill...@online.microsoft.com> wrote in message
news:SLkrp7rbCHA.1492@cpmsftngxa09...

Chris Gomez

14 Nov 2002 17:33:51
In my case, the issue is that the certificate is from a trusted certifying
authority, it is valid, but the name of the server does not match the
internet address you use to access it.

For example, the certificate is stated to certify that I am reaching
www.somecompany.com, but they have us connect to
otherplace.somecompany.com

I would ask them to update their certificate, but they have many clients who
successfully connect every day, and surely the response would simply be
".NET is broken, don't use .NET and it all works great."

That's nice but thanks to .NET, I finished all of this code in a day and I'm
stuck on this one issue. Everything works fine until I turn on SSL by
changing the WebRequest URI from http:// to https://. Then I get the same
error message everyone else reports on these boards.

I attempted installing the certificate as has been described by Bill Cheng
below, but I can not find a "Certificates MMC snap-in". Since the server
the code runs on does have Certificate Services, I used the Certificate
Authority snap-in but the GUI looks nothing like what has been described
here.

The server is Windows 2000 Server. When I use IE to type in a link
manually, I receive a short dialog box asking me if I want to proceed
(warning me about the situation I described in the first paragraph above),
but apparently in "code", this is not sufficient, and thus the exception.

Any advice?

Chris Gomez

> "Bill Cheng (MS)" <bill...@online.microsoft.com> wrote in message
> news:SLkrp7rbCHA.1492@cpmsftngxa09...
> > Hi Jan,
> >
> > Installing the cert via IE places it in the current user's certificate
> > store. It doesn't make the certificate accessible to other users on the
> > machine, such as the ASP.NET machine account.
> >
> > To solve it, install the certificate in the local computer's certificate
> > store using the Certificates MMC snap-in.
> >
> > The other workaround (should be used cautiously) is to create your own
> > certificate policy and set the ServicePointManager to use that instead of
> > the default.

<snip>


> > Regards,
> >
> > Bill Cheng
> > Microsoft Support Engineer

> > --------------------
> > | From: "Jan Zich" <zi...@kaktus.cz>
> > | Subject: WebRequest to non-trusted server

Joerg Jooss

15 Nov 2002 04:38:12

"Chris Gomez" <cag...@nospam.com> wrote in message
news:ODYqO3CjCHA.1652@tkmsftngp09...

> In my case, the issue is that the certificate is from a trusted certifying
> authority, it is valid, but the name of the server does not match the
> internet address you use to access it.
>
> For example, the certificate is stated to certify that I am reaching
> www.somecompany.com, but they have us connect to
> otherplace.somecompany.com
>
> I would ask them to update their certificate, but they have many clients who
> successfully connect every day, and surely the response would simply be
> ".NET is broken, don't use .NET and it all works great."
>
> That's nice but thanks to .NET, I finished all of this code in a day and I'm
> stuck on this one issue. Everything works fine until I turn on SSL by
> changing the WebRequest URI from http:// to https://. Then I get the same
> error message everyone else reports on these boards.
>
> I attempted installing the certificate as has been described by Bill Cheng
> below, but I can not find a "Certificates MMC snap-in". Since the server
> the code runs on does have Certificate Services, I used the Certificate
> Authority snap-in but the GUI looks nothing like what has been described
> here.

Run mmc.exe, File->Add/Remove Snap-In, click the Add button, and choose
"Certificates" from the list box. Note that I've translated these names from
my German XP version, so they may be wrong.

When playing around with a test certificate on my machine, I had the same
problem as you, but even with the Certificates MMC snap-in I failed to make it
trusted. In the end I implemented my own ICertificatePolicy...

Cheers,
--
Joerg Jooss
joerg...@gmx.net
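
Added example, not part of any post in this thread: a certificate policy for the same ICertificatePolicy interface that tolerates only the two problems discussed above (untrusted root, name mismatch), only for one host, and only for one exact certificate, instead of returning true for everything. The class name, the host (taken from the example in the thread) and the all-zero hash are placeholders; the problem codes are the Windows CERT_E_* values.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public class ScopedCertificatePolicy : ICertificatePolicy
{
    // Values the framework passes in 'problem' (Windows CERT_E_* codes).
    private const int CertCnNoMatch     = unchecked((int)0x800B010F);
    private const int CertUntrustedRoot = unchecked((int)0x800B0109);

    private readonly string allowedHost; // the one host the exception applies to
    private readonly string pinnedHash;  // hex hash of the exact certificate expected

    public ScopedCertificatePolicy(string allowedHost, string pinnedHash)
    {
        this.allowedHost = allowedHost;
        this.pinnedHash = pinnedHash.Replace(" ", "");
    }

    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
                                      WebRequest request, int problem)
    {
        // Default validation found nothing wrong: accept as usual.
        if (problem == 0) return true;
        if (cert == null || request == null) return false;

        // Expired, revoked or otherwise broken certificates are never accepted.
        if (problem != CertCnNoMatch && problem != CertUntrustedRoot) return false;

        // The exception is limited to requests addressed to the agreed host.
        if (String.Compare(request.RequestUri.Host, allowedHost, true) != 0)
            return false;

        // The pin is the real check: only the certificate obtained and verified
        // out of band passes, whatever name or issuer it carries.
        return String.Compare(cert.GetCertHashString(), pinnedHash, true) == 0;
    }
}

public class Program
{
    public static void Main()
    {
        // Placeholder values; install once, before the first HTTPS request.
        ServicePointManager.CertificatePolicy = new ScopedCertificatePolicy(
            "otherplace.somecompany.com",
            "0000000000000000000000000000000000000000");
        Console.WriteLine("Scoped certificate policy installed.");
    }
}
```

Every other host keeps the framework's default validation result, so a failure anywhere else still raises the WebException. The pinned hash has to be updated when the remote side renews its certificate.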
