I have doubt in Windows 7 Phone Application Development.
I need to acess the web service using HttpWebRequest in SSL How can I configure HttpWebRequest as for SSL and allow if Certificate is InValid..
For Example:
I need to Acess API "www.example.com?value=stringVale" and I will get a response as XML and I need to Process It.
when I Give a URI as "https://www.example.com/mainPage.php?Value=stringVale" I get an Breaking Issue.
so How can I access webservice using HttpRequest with SSL Layer.. with InValid Certificate?
Thanks
Dinesh
You need to have a certificate issued by an authority that is recognised by the platform.
This is the latest list I've seen (posted by Shaun Taulbee) in this thread.
push notifications from authenticated services
You can get a 30 day trial cert that's handy for testing from GeoTrust.
Related
I built a simple bot which works perfectly well with emulator but doesn't work in portal when I try to test it with "Test connection to your bot". In emulator I tried with the the app id and app secret obtained from botframework and it worked fine. One thing I noticed is that the request I received from the emulator had a authorization header but the request from the portal didn't have the header.
Also, make sure that you're using an https endpoint if you have the authorization header installed. We only pass the auth along if you're using https to protect your app secret.
Have you got an SSL certificate? Remember that you need to use an https endpoint.
I am working with access to an api with access control using Oauth2. I use DotNetOpenAuth
server.AuthorizationEndpoint = new Uri("https://api.xxxxxx.com/oauth/authorize");
var client = new DotNetOpenAuth.OAuth2.WebServerClient(server, client_id, client_secret);
client.GetClientAccessToken();
Which results in..
AuthenticationException: The remote certificate is invalid according to the validation procedure.
They have certificate errors, that won't be solved before....well...before the project is actually released, but I need to work on it now.....
DotNetOpenAuth will not allow the auth. url without HTTP
How can I make the code either accept the invalid certificate OR make DotNetOpenAuth accept a HTTP auth. url?
I have tried fiddling with the web.config settings, and to see if the trick with a "forgiving" servicePointManager could be used, but I don't know where to attach that
Found it... in web.config:
<dotNetOpenAuth>
<messaging relaxSslRequirements="true"/>
This made it ignore the fact that the provider of the webservice had an invalid certificate on their test server
I have an app that uses NSURLSession to run .php files on a web server. The directory on the web server is password protected and the didReceiveChallenge delegate is working perfectly, returning the user name and password. Up until now this has all been over HTTP as it has simply been a proof of concept, and is therefore open to man-in-the-middle threats.
As I near completion I am going to switch to HTTPS using a trusted cert and am wondering what additional steps I need to take (if any) with NSURLSession to communicate with a secure connection, or will it be as simple as switching the url in the session from HTTP to HTTPS once the server is setup. This will NOT be a self signed cert.
I have found similar questions on here, but none that have an answer.
Thanks!
So I went ahead and installed a self signed certificate on my web server, and then simply changed the HTTP to HTTPS in NSURLRequest and all seems to be working just fine!
Our project(web application C# ASP.NET MVC3) is hosted on IIS 7.5 and we use certificate authentication. So we have SSL-require configured IIS.
Now we have a business task to allow some users to use our system. And there is no way to provide client certificates for them. In that case we need to use some additional authentication model (user-password or ntdomain based).
I don't know how to realize such model:
User gets on our project url;
If he has valid client certificate - we let him iteract with our application;
If he hasn't cert we show him a login form with "user-password";
If we use SSL-required configured IIS users would not be able to iteract with application without valid certificate at all right? And how to authenticate with certificate if IIS is configured with SSL-Accept?
Maybe you can configure two sites on your IIS? One with SSL and another without it? Your url will point to the SSL enabled site, and when a user without a valid certificate arrives you use some backup code to send him to the SSL free site?
Just guessing actually... I think this probably deserves a more meditated answer...
The problem was not so large as i thought before. IIS provides a check box to require certificate even if combobox(in SSL options of web application) is set to Accept instead of require. In that case IIS tries to get certificate at first. And if there is no cert it lets the user to iteract with application. And we can make custom authentication on that level.
With MVC (v.3+) there is nice way to use IAuthorizationFilter in that case
How to access the secured "HTTPS" webservice in Windows Phone 7. The secured certificate is not given, I should either skip or ignore the error message. Any help?
The site you're accessing needs to have a valid certificate from an issuer recognised by the platform. The latest list of these issuers I've seen is here.
push notifications from authenticated services
Note Geotrust will give you a 30 day trial certificate which is handy for testing.