sreecareer 0 Newbie Poster

Hi,
I am writing a web service in ASP.net which will call another host's web services over SSL. I have both the server & client certificates (.cer) with me. The host guys are saying to use DUAL authentication (using both certificates). The web service call is not SOAP, it is through HTTP posts. Here is the function I have written which only uses client certificate. Which gives an error "The request was aborted: Could not create SSL/TLS secure channel" Could anyone help me in understanding how to do the DUAL authentication?

private XmlDocument PostXMLTransaction(string url, XmlDocument xReqDoc)
        {
            log.Debug("Inside Method");
            //Declare XMLResponse document
            XmlDocument XMLResponse = null;

            //Declare an HTTP-specific implementation of the WebRequest class.
            HttpWebRequest objHttpWebRequest;

            //Declare an HTTP-specific implementation of the WebResponse class
            HttpWebResponse objHttpWebResponse = null;

            //Declare a generic view of a sequence of bytes
            Stream objRequestStream = null;
            Stream objResponseStream = null;

            //Declare XMLReader
            XmlTextReader objXMLReader;

            try
            {
                //---------- Start HttpRequest 

                //Creates an HttpWebRequest for the specified URL.
                log.Debug("Creates an HttpWebRequest for the specified URL.");
                log.DebugFormat("URL: - {0}", url);
                objHttpWebRequest = (HttpWebRequest)WebRequest.Create(url);

                //Set HttpWebRequest properties
                log.Debug("Set HttpWebRequest properties");
                byte[] bytes;
                bytes = System.Text.Encoding.ASCII.GetBytes(xReqDoc.InnerXml);

                //validate server cert
                //System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
                TrustAllCertificatePolicy policy = new TrustAllCertificatePolicy();
                policy.CheckValidationResult(objHttpWebRequest.ServicePoint, objHttpWebRequest.ServicePoint.Certificate, objHttpWebRequest, 0);
                
                //System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
                //ServicePointManager.Expect100Continue = false;
                //ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
                //objHttpWebRequest = (HttpWebRequest)WebRequest.Create(url);

                //Add certificate from file
                //X509Certificate cer = X509Certificate.CreateFromCertFile("D://WARBA//warbabankCa.cer");
                //objHttpWebRequest.ClientCertificates.Add(cer);

                //add certificate from store
                X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadOnly);
                X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindBySerialNumber, "78e78f2f5441d68a42c39dc681bdaace", true);
                log.DebugFormat("Cert Count = {0}", col.Count.ToString());
                objHttpWebRequest.ClientCertificates.Add(col[0]);

                objHttpWebRequest.Method = "POST";
                objHttpWebRequest.ContentLength = bytes.Length;
                objHttpWebRequest.ContentType = "text/xml; encoding='utf-8'";
                objHttpWebRequest.KeepAlive = false;

                //Get Stream object 
                log.Debug("Get Stream object ");
                objRequestStream = objHttpWebRequest.GetRequestStream();

                //Writes a sequence of bytes to the current stream 
                log.Debug("Writes a sequence of bytes to the current stream");
                objRequestStream.Write(bytes, 0, bytes.Length);

                //Close stream
                log.Debug("Close stream");
                objRequestStream.Close();

                //---------- End HttpRequest


                //Sends the HttpWebRequest, and waits for a response.
                log.Debug("Sends the HttpWebRequest, and waits for a response.");
                objHttpWebResponse = (HttpWebResponse)objHttpWebRequest.GetResponse();

                //---------- Start HttpResponse
                if (objHttpWebResponse.StatusCode == HttpStatusCode.OK)
                {
                    log.Debug("Start HttpResponse");
                    //Get response stream 
                    objResponseStream = objHttpWebResponse.GetResponseStream();

                    //Load response stream into XMLReader
                    log.Debug("Load response stream into XMLReader");
                    objXMLReader = new XmlTextReader(objResponseStream);

                    //Declare XMLDocument
                    XmlDocument xmldoc = new XmlDocument();
                    xmldoc.Load(objXMLReader);

                    //Set XMLResponse object returned from XMLReader
                    XMLResponse = xmldoc;

                    //Close XMLReader
                    objXMLReader.Close();
                }

                //Close HttpWebResponse
                log.Debug("Close HttpWebResponse");
                objHttpWebResponse.Close();
            }
            catch (WebException we)
            {
                //TODO: Add custom exception handling
                log.Error(we.Message);
                log.Error(we.StackTrace);
            }
            catch (Exception ex)
            {
                //throw new Exception(ex.Message);
                log.Error(ex.Message);
                log.Error(ex.StackTrace);
            }
            finally
            {
                //Close connections
                if (objRequestStream != null)
                    objRequestStream.Close();
                if (objRequestStream != null)
                {
                    objResponseStream.Close();
                }
                if (objHttpWebResponse != null)
                {
                    objHttpWebResponse.Close();
                }

                //Release objects
                objXMLReader = null;
                objRequestStream = null;
                objResponseStream = null;
                objHttpWebResponse = null;
                objHttpWebRequest = null;
            }

            //Return
            return XMLResponse;
        }

Thanks,
Sree