i am trying to write a program in C# through which i could be able to retrieve SSL Certificate Subject of a URL. For this purpose i have to used OpenSSL with TCP port, i have tried too many functions but not found any solution.
I have written the following code:
try {
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com");
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
response.Close();
var cert = request.ServicePoint.Certificate;
var subject = cert.Subject.ToString();
txt.Text = subject;
txt.Text = txt.Text + "<br>" + cert.Issuer;
}
catch (Exception exe)
{
txt.Text = exe.ToString();
}
This code returns me the correct result according to my requirement but it is not on OpenSSL.
I have found the following code which is the perfect for my requirement but it is in c language where i need the same in C#.
http://fm4dd.com/openssl/sslconnect.htm
Any help be appreciated.
thanks
Related
This is more about how to get HttpWebRequest to work or even if HttpWebRequest is the right implementation. I've let my C# and .Net skill lapse the past few year, so I hope I can be forgiven for that.
I trying to hit a secure web service that requires client authentication. I have four certs to hit this with.
• Root Certificate
• Intermediate Root Certificate
• Device Certificate
• Private Key
The server is Java and these certs are in .jks form trustore and keystore. I pulled them into .pem files.
So, I failed on the C# client side, so I thought I'd write a little Python snippet to make sure at least the server side is working as expected. Twenty minutes later, I'm making secure posts. Here's that code:
# Keys
path = "C:\\path\\"
key = path + "device.pem"
privkey = path + "device_privkey.pem"
CACerts = path + "truststore.concat" # root & intermediate cert
def post():
url = "/url"
headers = {'Content-Type': 'application/xml'}
## This section is HTTPSConnection
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.verify_mode = ssl.CERT_OPTIONAL
context.load_cert_chain(key, privkey, password='password')
context.verify_mode = ssl.CERT_NONE
context.load_verify_locations(CACerts)
conn = http.client.HTTPSConnection(host, port=8080, context=context)
conn.request("POST", url, registrationBody, headers)
response = conn.getresponse()
regresp = response.read()
The concat certificate is the concatenation of the root and intermediate certificates.
Are you with me?
Now to my C#/.Net headache.
This my attempt. I clearly don't know what I'm doing here.
public async Task POSTSecure(string pathname, string body)
{
string path = "C:\\path";
string key = path + "device.pem";
string privkey = path + "device_privkey.pem";
string CACerts1 = path + "vtn_root.pem";
string CACerts2 = path + "vtn_int.pem";
try
{
// Create certs from files
X509Certificate2 keyCert = new X509Certificate2(key);
X509Certificate2 rootCert = new X509Certificate2(CACerts1);
X509Certificate2 intCert = new X509Certificate2(CACerts2);
HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create("https://" + host + ":" + port + pathname);
ServicePoint currentServicePoint = request.ServicePoint;
// build the client chain?
request.ClientCertificates.Add(keyCert);
request.ClientCertificates.Add(rootCert);
request.ClientCertificates.Add(intCert);
Console.WriteLine("URI: {0}", currentServicePoint.Address);
// This validates the server regardless of whether it should
request.ServerCertificateValidationCallback = ValidateServerCertificate;
request.Method = "POST";
request.ContentType = "application/xml";
request.ContentLength = body.Length;
using (var sendStream = request.GetRequestStream())
{
sendStream.Write(Encoding.UTF8.GetBytes(body), 0, body.Length);
}
var response = (HttpWebResponse)request.GetResponse();
}
catch (Exception e)
{
Console.WriteLine("Post error.");
}
}
Thanks for any help or a pointer to a decent tutorial.
[Edit] More info. On the server side, the debugging points to an empty client certificate chain. This is right after it reports serverhello done.
Okay, I think I was pretty close in the original, but I solved it this way:
request.ClientCertificates = new X509Certificate2Collection(
new X509Certificate2(
truststore,
password));
The "trustore" file is a .p12 containing the certificates listed above. The .p12 truststore can be created from the .jks truststore through keytool and openssl. Lots of info out there on how to do that.
I'm trying to display a list of events from an Outlook calendar using the example request microsoft have here
However, I've no proper experience with using any sort of REST APIs before. Using the URL they provide I should be getting something back but I'm not. Here is the code in my controller:
string uri = "https://outlook.office365.com/api/v1.0/me/events";
var webRequest = (HttpWebRequest)WebRequest.Create(uri);
webRequest.Method = "GET";
string result = "";
try
{
WebClient webClient = new WebClient();
webClient.Encoding = Encoding.UTF8;
result = webClient.DownloadString(uri);
try
{
string returnedString = result;
TempData.Add("myval", result);
ViewBag.result = "returned string " + result;
}
catch (Exception er2)
{
ViewBag.error = er2.Message;
}
ViewBag.secondresult = "first result " + result;
}
catch (Exception er)
{
}
ViewBag.firstResult = "Outside try catch " + result;
ViewBag.url = uri;
return View();
Then in my view I'm calling the ViewBags like this:
<p> here </p>
#ViewBag.url
#ViewBag.firstResult
#ViewBag.result
#ViewBag.error
#ViewBag.secondresult
<p> end </p>
But besides my here and end I get nothing. This is a project that was set up without any input from myself so I'm having to do everything across a network which is why I'm using so many try catches.
Can someone with more experience with using REST APIs tell me if I'm messing something up somewhere?
I don't see any authentication in your code, so it's likely returning a 401. You need to use OAuth2 to get an access token and use that to authenticate your calls. Since you're doing this in C#, you might want to look at the API wrappers on NuGet that implement a lot of this for you. There are some sample starter apps on http://dev.office.com/code-samples that might be helpful too (search for ASP.NET MVC).
I realise there have been a number of similar posts to this but I haven't found a solution yet. Am trying to post some xml to an MPI gateway but keep getting the following error:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host.
Below is the code I'm currently using but have tried just about every different approach I can think of and they all return the same error:
string result = "";
string xml = "<TNSAuthRequest><CardNumber>0123456789</CardNumber><ExpiryDate>1801</ExpiryDate><PurchaseAmt>750</PurchaseAmt><CurrencyCode>826</CurrencyCode><CurrencyExponent>2</CurrencyExponent><CountryCode>826</CountryCode><MerchantName>Mayflower</MerchantName><MerchantId>0123456789</MerchantId><MerchantData>abcdefghijklmnopqrstuvwxyz0123456789</MerchantData><MerchantUrl>example.com</MerchantUrl><NotificationURL>example.com/basket</NotificationURL></TNSAuthRequest>";
var url = "https://mpi.securecxl.com";
byte[] bytes = System.Text.Encoding.ASCII.GetBytes("xmldata=" + xml.ToString());
ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(ValidateRemoteCertificate);
var req = (HttpWebRequest)WebRequest.Create(url);
req.AllowWriteStreamBuffering = true;
req.ContentType = "text/xml";
req.Method = "POST";
//req.ContentLength = bytes.Length;
req.KeepAlive = false;
req.ProtocolVersion = HttpVersion.Version10;
req.ServicePoint.ConnectionLimit = 1;
//req.Timeout = -1;
try
{
using (var writer = new StreamWriter(req.GetRequestStream(), Encoding.ASCII))
{
writer.WriteLine(bytes);
}
using (WebResponse resp = req.GetResponse())
{
using (StreamReader sr = new StreamReader(resp.GetResponseStream()))
{
result = sr.ReadToEnd().Trim();
}
}
}
catch (Exception ex)
{
result = ex.Message + "<br />" + ex.InnerException.Message + "<br /><br />" + xml.Replace("<", "<");
}
ViewBag.result = result;
Am basically wandering if anyone can see anything that might be wrong with the code that could be causing this error or if it's most likely I problem on the their end? Have tried running on my localhost, our live server and my own private server (with a completely different IP) and still get same result.
Any ideas?
I think its because you are connecting to "https" url. In this case you have to add following line to your code.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
It will accept "ssl" protocol for your request. "ServicePointManager.ServerCertificateValidationCallback" handler just controls certificate validity.
Slightly better perhaps:
System.Net.ServicePointManager.SecurityProtocol = System.Net.ServicePointManager.SecurityProtocol | System.Net.SecurityProtocolType.Tls12;
#AlisettarHuseynli is right, this sometimes has to do with https. Most likely occurs when the infrastructure gets updates which may mean TLS gets updated for example from TLS1.0 to TLS1.2 Usually happens with some APIs, etcetera.
If the service you are trying to access can be accessed over http, do that. Change the scheme from https to http. Worked in my case. Otherwise you'll have to add code to support higher versions of TLS. Popular software usually have an opt-in option to use TLS1.2 instead of the old TLS1.0.
Does anyone know how to check if a webpage is asking for HTTP Authentication via C# using the WebRequest class? I'm not asking how to post Credentials to the page, just how to check if the page is asking for Authentication.
Current Snippet to get HTML:
WebRequest wrq = WebRequest.Create(address);
wrs = wrq.GetResponse();
Uri uri = wrs.ResponseUri;
StreamReader strdr = new StreamReader(wrs.GetResponseStream());
string html = strdr.ReadToEnd();
wrs.Close();
strdr.Close();
return html;
PHP Server side source:
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Secure Sign-in"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
WebRequest.GetResponse returns an object of type HttpWebResponse. Just cast it and you can retrieve StatusCode.
However, .Net will give you an exception if it receives a response of status 4xx or 5xx (thanks for your feedback).
There is a little workaround, check it out:
HttpWebRequest wrq = (HttpWebRequest)WebRequest.Create(#"http://webstrand.comoj.com/locked/safe.php");
HttpWebResponse wrs = null;
try
{
wrs = (HttpWebResponse)wrq.GetResponse();
}
catch (System.Net.WebException protocolError)
{
if (((HttpWebResponse)protocolError.Response).StatusCode == HttpStatusCode.Unauthorized)
{
//do something
}
}
catch (System.Exception generalError)
{
//run to the hills
}
if (wrs.StatusCode == HttpStatusCode.OK)
{
Uri uri = wrs.ResponseUri;
StreamReader strdr = new StreamReader(wrs.GetResponseStream());
string html = strdr.ReadToEnd();
wrs.Close();
strdr.Close();
}
Hope this helps.
Regards
Might want to try
WebClient wc = new WebClient();
CredentialCache credCache = new CredentialCache();
If you can work with WebClient instead of WebRequest, you should it's a bit higher level, easier to handle headers etc.
Also, might want to check this thread:
System.Net.WebClient fails weirdly
Harvest is the time tracking application that I use at my job. While the web UI is quite simple, there are a few custom features I would like to add. I noticed they have an API... So I want to make a custom desktop client in C# for it.
Just looking at the page, its not very informative. The C# sample that you can find (after doing some digging) doesn't help much either. So... How in the world do I use the API with C#?
Link to API page
Any help would be greatly appreciated :)
Harvest is using a REST API, so what is does is you do a get/put/post request to a web address on the server and it will return a result (usually formatted in XML or JSON (appears to be XML in this case)). A quick Google search returned this tutorial on how to use a REST API, hopefully that will be enough for what you need. If not, feel free to ask us about specific problems you are having using REST and C#
Here I will try to add some more comments to their sample:
using System;
using System.Net;
using System.IO;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
class HarvestSample
{
//This is used to validate the certificate the server gives you,
//it allays assumes the cert is valid.
public static bool Validator (object sender, X509Certificate certificate,
X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
static void Main(string[] args)
{
//setting up the initial request.
HttpWebRequest request;
HttpWebResponse response = null;
StreamReader reader;
StringBuilder sbSource;
//1. Set some variables specific to your account.
//This is the URL that you will be doing your REST call against.
//Think of it as a function in normal library.
string uri = "https://yoursubdomain.harvestapp.com/projects";
string username="youremail#somewhere.com";
string password="yourharvestpassword";
string usernamePassword = username + ":" + password;
//This checks the SSL cert that the server will give us,
//the function is above this one.
ServicePointManager.ServerCertificateValidationCallback = Validator;
try
{
//more setup of the connection
request = WebRequest.Create(uri) as HttpWebRequest;
request.MaximumAutomaticRedirections = 1;
request.AllowAutoRedirect = true;
//2. It's important that both the Accept and ContentType headers
//are set in order for this to be interpreted as an API request.
request.Accept = "application/xml";
request.ContentType = "application/xml";
request.UserAgent = "harvest_api_sample.cs";
//3. Add the Basic Authentication header with username/password string.
request.Headers.Add("Authorization", "Basic " + Convert.
ToBase64String(new ASCIIEncoding().GetBytes(usernamePassword)));
//actually perform the GET request
using (response = request.GetResponse() as HttpWebResponse)
{
//Parse out the XML it returned.
if (request.HaveResponse == true && response != null)
{
reader = new StreamReader(response.GetResponseStream(),
Encoding.UTF8);
sbSource = new StringBuilder(reader.ReadToEnd());
//4. Print out the XML of all projects for this account.
Console.WriteLine(sbSource.ToString());
}
}
}
catch (WebException wex)
{
if (wex.Response != null)
{
using (HttpWebResponse errorResponse = (HttpWebResponse)wex.Response)
{
Console.WriteLine(
"The server returned '{0}' with the status code {1} ({2:d}).",
errorResponse.StatusDescription, errorResponse.StatusCode,
errorResponse.StatusCode);
}
}
else
{
Console.WriteLine( wex);
}
}
finally
{
if (response != null) { response.Close(); }
}
}
}
I've also struggled with their API. Scott's answer is very useful.
Anyway there is a very useful and easy library which is called EasyHttp witch you can find in NuGet.
here is the same method as Scott's but much shorter :):
public static string getProjects()
{
string uri = "https://<companyname>.harvestapp.com/projects";
HttpClient http = new HttpClient();
//Http Header
http.Request.Accept = HttpContentTypes.ApplicationJson;
http.Request.ContentType = HttpContentTypes.ApplicationJson;
http.Request.SetBasicAuthentication(username, password);
http.Request.ForceBasicAuth = true;
HttpResponse response = http.Get(uri);
return response.RawText;
}
If you want to learn more about WebApi calls you can use Fidler or a more easier and RestClient which is a Firefox plugin.
With RestClient you can talk to rest servers directly, very helpful if you want to understand RESTful services.