2

Sorry this is my first post and I'll try and be as descriptive as possible...

I am having an issue converting an HTTPWebRequest to reach an HTTPS website that requires a certificate. On my local dev machine I can create the web request to the site by using my client certificate from my CAC card using a CAC card reader. My problem arises when I have to push this code to our dev/prod server to access this site. I can't read my CAC card when I am on the server but I do have a server cert that I can use that is on our IIS 6.0.

Can you get the client's CAC card cert on the server? Is there a store to look from? Or is there a server store to look from?

I don't know the steps to using this server cert, whether I have to code this or work with my IIS Server Manager to enable it. This is my code on my local dev machine that is working. I added the ServerCertificateValidationCallback to test on the dev server.

    using System;
    using System.IO;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    // Text of the last SSL policy error, set by the validation callback.
    private static string sslPE;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Assign rather than += so the handler is not added again on every page load.
        ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);

        ServicePointManager.MaxServicePointIdleTime = 300000;

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://url");
        request.Accept = "text/xml, */*";
        request.Method = "GET";
        request.Headers.Add(HttpRequestHeader.AcceptLanguage, "en-us");
        request.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; .NET CLR 3.5.30729;)";
        request.AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;
        request.Credentials = CredentialCache.DefaultCredentials;
        request.KeepAlive = false;

        // X509Store("My") opens the personal store of the current user,
        // i.e. the account this code runs under.
        X509Certificate myCert = null;
        X509Store store = new X509Store("My");

        store.Open(OpenFlags.ReadOnly);

        // Takes the first certificate found in the store, whatever it is.
        int i = 0;
        foreach (X509Certificate2 m in store.Certificates)
        {
            if (i == 0)
                myCert = m;
            i++;
        }
        store.Close();

        if (myCert != null)
        {
            request.ClientCertificates.Add(myCert);
        }

        // Take the response and create the XML document to parse.
        string str;
        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            str = reader.ReadToEnd();
        }

        ...
    }

    public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // The remote server's certificate is available here.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // Record why validation failed and reject the connection.
        sslPE = "SSLPolicyErrors: " + sslPolicyErrors;

        return false;
    }

Is anyone familiar with the process, for deployment, to use that server cert that is trusted by the web site I'm sending a request to? I want all users who access this site from our site (our site requires CAC authentication) to use the server cert. Unless someone has a better idea of using the user's client certificate from their CAC card. I am having trouble putting this all together and any help would be appreciated.

4

1 Answer

0

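The root CA (issuer) of your (CAC) certificate must be trusted by your server. Add the root CA certificate to the Trusted Root Certification Authorities section of the server's Windows certificate store, then restart IIS.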

Answered 2013-07-22T21:07:04.317
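
For the server-certificate route the question asks about, one way to attach a certificate from the machine store to the outgoing request, picking it by thumbprint instead of taking the first entry in the store. This is an added example, not code from the question or the answer; the class name `ServerClientCert` and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ServerClientCert   // hypothetical helper, not from the post
{
    // Placeholder: the thumbprint of the server certificate (not given on the page).
    private const string Thumbprint = "<SERVER-CERT-THUMBPRINT>";
    private const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // EKU: TLS client authentication

    public static X509Certificate2 Load()
    {
        // LocalMachine\My is where a certificate installed for IIS normally lives;
        // X509Store("My") with no location opens the current user's store instead.
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = true: skip certificates that are expired or do not chain to a trusted root.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, true);
            if (found.Count != 1)
                throw new InvalidOperationException("Expected exactly one valid certificate for the thumbprint.");
            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("No private key is associated with the certificate.");
            if (!AllowsClientAuth(cert))
                throw new InvalidOperationException("Certificate is not issued for client authentication.");
            return cert;
        }
        finally { store.Close(); }
    }

    private static bool AllowsClientAuth(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            X509EnhancedKeyUsageExtension eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ClientAuthOid) return true;
            return false;   // EKU present but client authentication is not listed
        }
        return true;        // no EKU extension: usage is not restricted
    }

    public static HttpWebRequest CreateRequest(string url)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.ClientCertificates.Add(Load());
        return request;
    }
}
```

`HasPrivateKey` only reports that a key is associated with the certificate; the account the web application runs under also needs read access to that private key, otherwise the TLS handshake goes out without a usable client certificate.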