 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / New Users / March 2008SSL certificates
Hi there, I'm writing a client app, connecting to a web-service over a https:// connection. Everything seems to work fine but... where does the .NET fw load the proper SSL certificate from? From the remote serer (just like a browser)? thanks in advance, Giulio - Italy  SignatureOnAir: http://www.giuliopetrucci.it Hello! You wrote on Tue, 04 Mar 2008 18:34:54 +0100: GP> I'm writing a client app, connecting to a web-service over a https:// GP> connection. Everything seems to work fine but... where does the .NET fw GP> load the proper SSL certificate from? From the remote serer (just like GP> a browser)? Are you asking about server's certificate or the ceritificate used for client-side authentication? The server identifies itself with it's certificate and you need to validate it (.NET does this for you in some way). If you need to identify youself, then the certificate is taken from the local storage (probably you can provide your own, but I don't know the details). In general you will find the description of how SSL works here: http://eldos.com/sbb/articles/1948.php With best regards, Eugene Mayevski http://mayevski.blogspot.com/ Hi Eugene, first of all: thank you for your reply! Eugene Mayevski ha scritto: > Are you asking about server's certificate or the ceritificate used for > client-side authentication? Client-side. I suppose it works just like for the browser, doesn't it? The client connects to an https:// URL, and the server provides the client with its certificate. Right? > In general you will find the description of how SSL works here: > http://eldos.com/sbb/articles/1948.php Thanks for the link! Kind regards, Giulio - Italia SignatureOnAir: http://www.giuliopetrucci.it Hello! You wrote on Wed, 05 Mar 2008 14:23:45 +0100: ??>> Are you asking about server's certificate or the ceritificate used for ??>> client-side authentication? GP> Client-side. GP> I suppose it works just like for the browser, doesn't it? The client GP> connects to an https:// URL, and the server provides the client with its GP> certificate. Right? Not at all. Either you are mixing the client-side authentication with what you see, or one of the above. Client-side authentication is when the client tells the server, who the client is. This type of authentication is used relatively rarely (comparing to regular HTTPS communication). The certificate used for a client-side authentication is the property of the client. It's stored either in Windows Certificate storage or in hardware (cryptocards and USB cryptotokens). When you connect to the server that requires client-side authentication, system components of Windows (if you use HttpWebRequest class) attempt to choose the certificate to use in authentication among the certificates located in Windows Certificate storage. As said, probably you can specify other certificate (for example the one you loaded from PFX file). With best regards, Eugene Mayevski http://mayevski.blogspot.com/ Hi Eugene, Eugene Mayevski ha scritto: > Not at all. Either you are mixing the client-side authentication with > what you see, or one of the above. > > Client-side authentication is when the client tells the server, who the > client is. [cut] Ok, got it. So I thought I was talking about it but I wasn't! ;-) Actually my scenario is really simple: I have a client application wich must query a remote webservice over an https connection. No cliend-side auth needed, the only certificate acting in this scenario is the server one. In this case, is it correct to say that my client app receives the certificate from the server? > As said, probably you can specify other certificate (for > example the one you loaded from PFX file). Don't get it. Could you link me to any reference-or-code-snippet? Thanks in advance, Giulio SignatureOnAir: http://www.giuliopetrucci.it Hello! You wrote on Wed, 05 Mar 2008 15:13:52 +0100: GP> one. In this case, is it correct to say that my client app receives the GP> certificate from the server? Yes, the certificate is sent by the server. ??>> As said, probably you can specify other certificate (for ??>> example the one you loaded from PFX file). GP> Don't get it. GP> Could you link me to any reference-or-code-snippet? You don't need it if you don't use client-side authentication With best regards, Eugene Mayevski http://mayevski.blogspot.com/ Hi Eugene, Eugene Mayevski ha scritto: > Yes, the certificate is sent by the server. [cut] Thanks! Giulio SignatureOnAir: http://www.giuliopetrucci.it
Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.