Hi,
I am writing a web service in ASP.NET which will call another host's web services over SSL. I have both the server and client certificates (.cer) with me. The host's team says to use DUAL authentication (using both certificates). The web service call is not SOAP; it is made through HTTP POSTs. Here is the function I have written, which uses only the client certificate. It fails with the error "The request was aborted: Could not create SSL/TLS secure channel". Could anyone help me understand how to do the DUAL authentication?
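/// <summary>
/// POSTs an XML document to <paramref name="url"/> over HTTPS, attaching a client
/// certificate selected by serial number from the LocalMachine certificate store,
/// and returns the server's XML response.
/// </summary>
/// <param name="url">Endpoint the request is posted to.</param>
/// <param name="xReqDoc">Request document; its InnerXml is sent as the request body.</param>
/// <returns>
/// The parsed response document when the server answers 200 OK; otherwise null.
/// Every failure is logged and swallowed, so callers must check for null.
/// </returns>
private XmlDocument PostXMLTransaction(string url, XmlDocument xReqDoc)
{
    log.Debug("Inside Method");

    XmlDocument XMLResponse = null;
    HttpWebResponse objHttpWebResponse = null;
    X509Store store = null;

    try
    {
        //---------- Start HttpRequest
        log.Debug("Creates an HttpWebRequest for the specified URL.");
        log.DebugFormat("URL: - {0}", url);
        HttpWebRequest objHttpWebRequest = (HttpWebRequest)WebRequest.Create(url);

        log.Debug("Set HttpWebRequest properties");
        // Encode as UTF-8 so the body matches the declared content type; ASCII
        // encoding silently replaces every non-ASCII character with '?'.
        byte[] bytes = System.Text.Encoding.UTF8.GetBytes(xReqDoc.InnerXml);

        // Server authentication: the framework's default chain validation stays in
        // force. Do not install a trust-all certificate policy or a validation
        // callback that always returns true, and do not pin the protocol to SSL 3.0;
        // either one removes the protection the server certificate provides. If the
        // host's certificate chains to a private CA, import that CA certificate into
        // the machine's trusted root store instead.

        // Client authentication: the certificate is looked up by serial number.
        // NOTE(review): StoreName.Root is the trusted-root CA store. A certificate
        // used for client authentication normally lives in StoreName.My together
        // with its private key, readable by the account running the application -
        // confirm where this certificate was actually installed.
        store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection col = store.Certificates.Find(
            X509FindType.FindBySerialNumber, "78e78f2f5441d68a42c39dc681bdaace", true);
        log.DebugFormat("Cert Count = {0}", col.Count.ToString());

        if (col.Count == 0)
        {
            // Fail with a clear message instead of an index-out-of-range on col[0].
            throw new InvalidOperationException(
                "No valid client certificate with the configured serial number was found in the LocalMachine\\Root store.");
        }

        X509Certificate2 clientCert = col[0];
        if (!clientCert.HasPrivateKey)
        {
            // A certificate imported from a .cer file carries only the public key,
            // so it cannot prove the client's identity during the TLS handshake.
            log.Error("Client certificate has no private key; the server cannot authenticate this client with it.");
        }

        objHttpWebRequest.ClientCertificates.Add(clientCert);
        objHttpWebRequest.Method = "POST";
        objHttpWebRequest.ContentLength = bytes.Length;
        // NOTE(review): the registered media-type parameter is "charset", not
        // "encoding"; left unchanged in case the host matches on this exact value.
        objHttpWebRequest.ContentType = "text/xml; encoding='utf-8'";
        objHttpWebRequest.KeepAlive = false;

        log.Debug("Get Stream object ");
        using (Stream objRequestStream = objHttpWebRequest.GetRequestStream())
        {
            log.Debug("Writes a sequence of bytes to the current stream");
            objRequestStream.Write(bytes, 0, bytes.Length);
            log.Debug("Close stream");
        }
        //---------- End HttpRequest

        log.Debug("Sends the HttpWebRequest, and waits for a response.");
        objHttpWebResponse = (HttpWebResponse)objHttpWebRequest.GetResponse();

        //---------- Start HttpResponse
        if (objHttpWebResponse.StatusCode == HttpStatusCode.OK)
        {
            log.Debug("Start HttpResponse");
            using (Stream objResponseStream = objHttpWebResponse.GetResponseStream())
            using (XmlTextReader objXMLReader = new XmlTextReader(objResponseStream))
            {
                // The response is remote input: refuse DTDs and external entity
                // resolution so a crafted document cannot read local files or
                // trigger entity-expansion blow-up while it is parsed.
                objXMLReader.DtdProcessing = DtdProcessing.Prohibit;
                objXMLReader.XmlResolver = null;

                log.Debug("Load response stream into XMLReader");
                XmlDocument xmldoc = new XmlDocument();
                xmldoc.XmlResolver = null;
                xmldoc.Load(objXMLReader);
                XMLResponse = xmldoc;
            }
        }
    }
    catch (WebException we)
    {
        //TODO: Add custom exception handling
        // The status separates handshake failures from protocol and timeout errors.
        log.Error("WebException status: " + we.Status);
        log.Error(we.Message);
        log.Error(we.StackTrace);
    }
    catch (Exception ex)
    {
        log.Error(ex.Message);
        log.Error(ex.StackTrace);
    }
    finally
    {
        // Each resource is checked against its own reference; the streams and the
        // reader are already disposed by their using blocks.
        if (objHttpWebResponse != null)
        {
            log.Debug("Close HttpWebResponse");
            objHttpWebResponse.Close();
        }
        if (store != null)
        {
            store.Close();
        }
    }

    return XMLResponse;
}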
Thanks,
Sree