Sorry this is my first post and I'll try and be as descriptive as possible...
I am having an issue converting an HTTPWebRequest to reach an HTTPS website that requires a certificate. On my local dev machine I can create the web request to the site by using my client certificate from my CAC card using a CAC card reader. My problem arises when I have to push this code to our dev/prod server to access this site. I can't read my CAC card when I am on the server, but I do have a server cert that I can use that is on our IIS 6.0.
Can you get the client's CAC card cert on the server? Is there a store to look from? Or is there a server store to look from?
I don't know the steps to using this server cert, whether I have to code this or work with my IIS Server Manager to enable it. This is my code on my local dev machine that is working. I added the ServerCertificateValidationCallback to test on the dev server.
    protected void Page_Load(object sender, EventArgs e)
    {
        ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
        ServicePointManager.MaxServicePointIdleTime = 300000;
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://url");
        request.Accept = "text/xml, */*";
        request.Method = "GET";
        request.Headers.Add(HttpRequestHeader.AcceptLanguage, "en-us");
        request.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; .NET CLR 3.5.30729;)";
        request.AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;
        request.Credentials = CredentialCache.DefaultCredentials;
        request.KeepAlive = false;
        X509Certificate myCert = null;
        // new X509Store("My") opens the personal store of the current user
        X509Store store = new X509Store("My");
        store.Open(OpenFlags.ReadOnly);
        // take the first certificate found in the store
        int i = 0;
        foreach (X509Certificate2 m in store.Certificates)
        {
            if (i == 0)
                myCert = m;
            i++;
        }
        store.Close();
        if (myCert != null)
        {
            request.ClientCertificates.Add(myCert);
        }
        //take the response and create the xml document to parse
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        StreamReader reader = new StreamReader(response.GetResponseStream());
        string str = reader.ReadToEnd();
        ...
    }

    public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        //certificate is in here
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        // sslPE is not declared in this snippet (assumed to be a static string field of the page)
        sslPE = "SSLPolicyErros: " + sslPolicyErrors;
        return false;
    }
Is anyone familiar with the process, for deployment, to use that server cert that is trusted by the web site I'm sending a request to? I want all users who access this site from our site (our site requires CAC authentication) to use the server cert. Unless someone has a better idea of using the user's client certificate from their CAC card. I am having trouble putting this all together and any help would be appreciated.
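
One way to use a server certificate for the outbound request, as an added example that is not part of the original post: it opens the machine certificate store (`StoreLocation.LocalMachine`) instead of the current user's store and selects one certificate by thumbprint rather than taking the first entry. The class name, the thumbprint placeholder and the method names are assumptions for illustration.

```csharp
// Added example, not the poster's code. Thumbprint and URL are placeholders.
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public static class ServerCertRequest
{
    // Placeholder: thumbprint of the server certificate the remote site trusts.
    private const string Thumbprint = "<THUMBPRINT-OF-SERVER-CERT>";

    // Load one specific certificate from the machine store (LocalMachine\My).
    public static X509Certificate2 LoadMachineCertificate(string thumbprint)
    {
        string normalized = thumbprint.Replace(" ", "").ToUpperInvariant();
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false so the checks below can say why a cert is rejected
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, normalized, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No certificate with that thumbprint in LocalMachine\\My.");
            X509Certificate2 cert = found[0];
            // Client authentication needs the private key, not just the public certificate.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key.");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }

    // Send a GET request that presents the machine certificate to the remote site.
    public static string Fetch(string url)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "GET";
        request.ClientCertificates.Add(LoadMachineCertificate(Thumbprint));
        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            return reader.ReadToEnd();
        }
    }
}
```

The account the IIS worker process runs as must have read access to the certificate's private key; `HasPrivateKey` only reports that a key is associated with the certificate, not that the calling identity can use it.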