HttpWebRequest and SSL

Hot Topic

I have some problems with the Session variables
Exection of a simple exe (.Net developed) from a shared folder
dynamic web chart inside the repeater.
Format Numbers as Ordinal (1st, 2nd, etc)
Compression in Remoting
What is the best solution?
SQL UPDATE - "No value given for one or more required parameters"
MDAC in Embed WIN98
Importing Encrypted Web Data to Local Database
ASP.Net 2.0

.NET Development

Serial Port Communication
What is the MS version of "Ajax techniques"?
asp.net 2.0 master page
Legacy Development (.NET 1.1) in Visual Studio 2005
wse 2.0 AuthenticateToken oberride
Windows Event Viewer
Switching .Net (valid) root
How to disable code analysis message globally across project?
Problem updating child table i relational database
BitArray MyProblem Or Bug ?

HttpWebRequest and SSL

I need to communicate with a web server using https just as a browser would.  What steps are necessary to achieve this using HttpWebRequest, is it as simple as the URI beginning with 'https://' or do I need to supply some credentials of some kind   I dont have a certificate myself (the server does) so I wont be using client authentication but I assume this is how browsers operate.  Will data be encrypted in both directions using https

Also, is there a simple way to check that information is being sent encrypted   I'd like to double check that the encryption is happening OK before I start sending credit card details over the wire.

Thanks in advance.

Colin

Answer this question

HttpWebRequest and SSL

  • Va1era

    Thanks.
    I am glad it worked for you

  • Rufus Leonard

    1. You don't need a client cert if you are not using client certs to authenticate to the server as to who the client is
    2. You don't need any other credentials unless the server is demanding them after SSL connection is established which is not unusual
    3. You do need to have the certificate root's certificate on your machine. This is to make sure that who ever issued the cert to the server is trusted on the client.
    Typically the verisign, etc are already trusted and their root CA certs should be there. Otherwise you need to explicitly install the cert (ROOT CA) on your machine.
    one way to check is to make sure that the IE works fine and then proceed
    4. Data will be encrypted on both directions
    5. One way to check is to capture the network minitor's capture file
    The other way is to get a system.net trace
    Guidance for both are in my blog
    http://blogs.msdn.com/dgorti


  • Harlow Burgess

    Thanks for the reply Durgaprasad.  I've since run a network sniffer and satisfied myself that data is being encrypted.  To be honest I'm amazed that doing something like this is so simple from the developer's point of view, hats off to MS on that one

  • Nick Bennett

    I have the same question. I need to send a request to a payment gateway to authorize a payment. I am just using the HttpWebRequest class and createing a uri with "https://". Do I need to do anything else to send the data encrypted If no, who takes care of the encryption

    I have windows xp, so cannot install the Network Monitor, is there any other way I can sniff the web request sent using HttpWebRequest class

    Thanks in advance.
  • HttpWebRequest and SSL
Answer this question