I am writing a .net core(Standard 1.6) library that connects to my WebAPI. The WebApi requires a client certificate.
The .net core library is something being called from a Xamarin iOS app.
I cannot for the life of me send an HTTP request with a Client Certificate header.
I can use the library and post to the API with a client certificate from Visual Studio 2017 on a windows machine.
When I move the same project into my Xamarin iOS app using VS for Mac I get:
"Method Not Implemented" when setting the SslProtocol or adding the client certificate:
var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls12;
handler.ClientCertificates.Add(new X509Certificate2(certificate));
Relevant libraries:
using System.Net;
using System.Net.Http;
using System.Security;
using System.Security.Cryptography.X509Certificates;
Any help would be greatly appreciated.
Alright, this took me quite a while but i was able to send a client certificate in a web request to use for client auth on our server.
First, as awesome as Xamarin and .netCore are, they are missing alot of the methods .net developers are used to. I was not able to build a crossplatform request that would work on both Android and ios such as the HttpWebRequest.
For ios, i created a custom class that inherits from:NSUrlConnectionDataDelegate
I then override the:
public override void WillSendRequestForAuthenticationChallenge(NSUrlConnection
connection, NSUrlAuthenticationChallenge challenge)
{
byte[] cert = System.IO.File.ReadAllBytes("clientCertificate.pfx");
NSUrlCredential credential = iSecurity.ImportPK12File(cert, "certPassword");
challenge.Sender.UseCredential(credential, challenge);
}
I then created a class that returns the credential:
//cert is a byte array of a .pfx file included in the resource file
//iSecurity Custom class
NSUrlCredential credential = iSecurity.ImportPK12File(cert, "certpassword");
public static NSUrlCredential ImportPK12File(byte[] fileBytes, string passPhrase)
{
var cert = new X509Certificate2(fileBytes, passPhrase);
var options = NSDictionary.FromObjectAndKey(NSObject.FromObject(passPhrase), SecImportExport.Passphrase);
NSDictionary[] importStatus;
SecStatusCode statusCode = SecImportExport.ImportPkcs12(fileBytes, options, out importStatus);
if(statusCode != SecStatusCode.Success){
throw new Exception("Error importing certificate. ");
}
NSObject obj = importStatus[0]["trust"];
IntPtr secTrustRef = obj.Handle;
var identityHandle = importStatus[0][SecImportExport.Identity];
var identity = new SecIdentity(identityHandle.Handle);
var certificate = new SecCertificate(cert.GetRawCertData());
SecCertificate[] certificates = { certificate };
return NSUrlCredential.FromIdentityCertificatesPersistance(identity, certificates, NSUrlCredentialPersistence.ForSession);
}
You may also be able to override this method and send the creds:
public override void ReceivedAuthenticationChallenge(NSUrlConnection connection, NSUrlAuthenticationChallenge challenge)
{
base.ReceivedAuthenticationChallenge(connection, challenge);
}
And i may move it to there but in order to fire this off you create the delegate of your class that inherits from :NSUrlConnectionDataDelegate
and add this to your connection. Any request fired through this connection will override the method and pass the certificate.
Related
In Xamarin Forms app I am using System.Net.Http.HttpClient to establish connection to server via https. Visual Studio version 16.5.4, Xamarin Forms version 4.5.0.617, android: target framework: Android 9.0 (Pie), iOS: SDK version 13.4. I want to accept only one certificate that comes from CA. Just after start, before first request, I am validating server certificate by:
private const string SupportedPublicKey = "118SDD782...HA4JD";
public static void SetUp()
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += ValidateServerCertficate;
}
private static bool ValidateServerCertficate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
var certKey = certificate?.GetPublicKeyString();
return SupportedPublicKey == certificate?.GetPublicKeyString();
}
Program is hitting breakpoint at SetUp method, but the breakpoint inside event is never hitted. I have put there Console.WriteLine() there methods to check if debugger is broken, but console is clear, so program never reach that code.
Right now application on both platforms, on emulators and real devices, behaves like it accepts all certificates, no matter where they come from and connect to other servers via https.
I have tried to change project properties on android: HttpClient implementation from "default" to "Managed" and "android" and on iOS: from "managed(default)" to "NSUrlSession (iOS 7+)" and "CFNetwork (iOS 6+)" to but there is no effect.
How can I fix it?
Try to change your code to use the new HttpClientHandler.ServerCertificateCustomValidationCallback APIs from .NET Core.
public static void SetUp()
{
HttpClientHandler httpClientHandler = new HttpClientHandler();
httpClientHandler.ServerCertificateCustomValidationCallback = ValidateServerCertficate;
}
private static bool ValidateServerCertficate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
var certKey = certificate?.GetPublicKeyString();
return SupportedPublicKey == certificate?.GetPublicKeyString();
}
You could refer this on github
I'm trying to pass my full Rest service from http to https.
I created a self-signed certificate, I had it to IIS Express. I validate it on google Chrome and it work perfectly fine with postman. My rest service work in http and https.
I use a PCL project (IOS and Android) everything is working fine with http request but I have exception with https request. the exception message is null.
I tried to create a test certificate directly from Visual Studio 2015 but the button is disabled in properties ->Signing.
I also tried to install my self-signed certificate as a Trusted Root but no success for the communication between my simulator and my rest Service.
my code
public partial class MainPage : ContentPage
{
private string url = string.Empty;
private HttpClient _client;
public MainPage()
{
InitializeComponent();
switch (Device.RuntimePlatform)
{
case Device.iOS:
_client = new HttpClient(new NSUrlSessionHandler());
break;
case Device.Android:
_client = new HttpClient();
break;
}
_client = new HttpClient();
test();
}
private async void test()
{
//url = "http://192.168.1.106:9630/PrototypeB.svc/Test";
url = "https://192.168.1.106:44301/PrototypeB.svc/Test";
try
{
var _content = await _client.GetStringAsync(url);
List<Test> _posts = JsonConvert.DeserializeObject<List<Test>>(_content);
}
catch (HttpRequestException e)
{
string test = e.Message;
}
catch (Exception e)
{
string test = e.Message;
}
}
}
How can I communicate with my Android and IOS Simulator with https and self-signed certificate?
You can use ServicePointManager to ignore the certificate validation check.
Execute the code in your iOS and Android platforms like this:
System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) => {
return true;
};
References:
Untrusted HTTPS
certificate
HTTPS ignore
certificate
Ignore SSL certificate errors in Xamarin.Forms (PCL)
SSL Validation in
PCL
Also, ModernHttpClient Pro provide this feature, but it is not free.
I use adapter authentication in my Xamarin.Forms app with the IBM MFP SDK. The adapter requires a username and a password.
In my iOS app (with the exact same shared code) everything works as it should.
In my Android app the parameters are empty (found that out using Charles / Fiddler).
I debugged the process and my Identity variable with username and password is not null and correctly filled in.
public override AdapterAuthenticationInfo GetAdapterAuthenticationParameters()
{
var parameters = new string[] { Identity.Email, Identity.Password };
var invocationData = new WorklightProcedureInvocationData("AuthAdapter", "submitAuthentication", parameters);
var authInfo = new AdapterAuthenticationInfo();
authInfo.InvocationData = invocationData;
return authInfo;
}
Can you try running your app using object array instead of string array and see if that works?
var parameters = new object[] { Identity.Email, Identity.Password };
I need to post data to server, and get compressed data back from it.
I am using windows phone 7 sdk.
I read that it can be done using SharpGIS or Coding4Fun toolkit.
They use WebClient (AFAIK).
can anyone help me?
Here's what I need to do-
Post data(XML) to url
Get compressed data (only GZip supported by server) in the form of xml string/stream
deserialise the xml data received
and the methods should be awaitable.
When I had to do this in wp7, I
Created a Portable Class Library project within my solution
Nuget the HTTP client library at https://www.nuget.org/packages/Microsoft.Net.Http (Install-Package Microsoft.Net.Http)
Nuget http://www.nuget.org/packages/Microsoft.Bcl.Async/ (Install-Package Microsoft.Bcl.Async ) and add to your PCL and UI solution
With in the portable class library
public class PostData
{
public async Task<T> TestMe<T>(XElement xml)
{
var client = new HttpClient(new HttpClientHandler
{
AutomaticDecompression = DecompressionMethods.GZip
| DecompressionMethods.Deflate
});
var response = await client.PostAsync("https://requestUri", CreateStringContent(xml));
var responseString = await response.RequestMessage.Content.ReadAsStringAsync();
//var responseStream = await response.RequestMessage.Content.ReadAsStreamAsync();
//var responseByte = await response.RequestMessage.Content.ReadAsByteArrayAsync();
return JsonConvert.DeserializeObject<T>(responseString);
}
private HttpContent CreateStringContent(XElement xml)
{
return new StringContent(xml.ToString(), System.Text.Encoding.UTF8, "application/xml");
}
}
WebClient and HttpWebRequest for C4F toolkit are supported. HttpClient doesn't exist without http client library currently in WP.
I don't use Windows 8, which means Windows Phone SDK is only on VS 2010, which doesn't support the Microsoft HttpClient.
There's a NuGet package Delay.GZipWebClient written by an MS dev that adds simple support for it. So far it's worked like a charm.
http://blogs.msdn.com/b/delay/archive/2012/04/19/quot-if-i-have-seen-further-it-is-by-standing-on-the-shoulders-of-giants-quot-an-alternate-implementation-of-http-gzip-decompression-for-windows-phone.aspx
I'm trying to download a regular JSON string from this url https://valueboxtest.lb.dk/mobile/categories from a Windows Phone 7 Application.
I have tried to both use WebClient and HttpWebRequest. They both throw an exception
“The remote server returned an error: NotFound”
This is the code for using the WebClient
var webClient = new WebClient();
webClient.DownloadStringCompleted += (client_DownloadStringCompleted);
webClient.DownloadStringAsync(new Uri("https://valueboxtest.lb.dk/mobile/categories"));
The eventhandler then just show the content, but e.Result throws the above mentioned exception:
void client_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e)
{
if (e.Error == null && !e.Cancelled) MessageBox.Show(e.Result);
}
For the HttpWebRequest my code looks as follows:
var httpReq = (HttpWebRequest)WebRequest.Create(new Uri("https://valueboxtest.lb.dk/mobile/categories"));
httpReq.BeginGetResponse(HTTPWebRequestCallBack, httpReq);
With the following callback:
private void HTTPWebRequestCallBack(IAsyncResult result)
{
var httpRequest = (HttpWebRequest)result.AsyncState;
var response = httpRequest.EndGetResponse(result);
var stream = response.GetResponseStream();
var reader = new StreamReader(stream);
this.Dispatcher.BeginInvoke(
new delegateUpdate(update),
new Object[] { reader.ReadToEnd() }
);
}
And with the delegate method
delegate void delegateUpdate(string content);
private void update(string content)
{
MessageBox.Show(content);
}
Running it in a console application
Everything works just fine and the JSON string is returned with no problems and I am able to print the result to the console.
Different URL does work on WP7
The weird thing is that the URL http://mobiforge.com/rssfeed actually works fine in both of the above mentioned scenarios.
This issue occurs both in the Emulator and on an actual device.
What could be wrong? Is the REST service returning the data in misbehaving way? I really hope you can help me!
Note: I'm not running Fiddler2 at the same time!
The reason is because that site does not have a valid certificate. Just try it on Mobile Internet Explorer and you'll get the prompt about an issue with the certificate.
How to ignore SSL certificates
Mobile devices are stricter when it comes to SSL certificates.
If you want to get this app into a production environment, you'll either need to write a wrapper for this server (if it's not your own), or get a valid certificate. In the short-term, for testing, you can add a certificate into your device.
Here's a tool which might help you install a certificate.