All geek questions in one place

How to determine client certificate authentication request in HTTPWebRequest?

I am using HTTPWebRequest to access a page that requires a client certificate!

I use the following code and everything works!

  HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(textBox1.Text); X509Certificate2 userCert = SelectClientCertificate(); if (userCert != null) myReq.ClientCertificates.Add(userCert); HttpWebResponse myResp = (HttpWebResponse)myReq.GetResponse();

Now here is my problem, since my call to SelectClientCertificate() shows a dialog box allowing the user to select a certificate, I don’t want to show a dialog box if the server does not request client authentication! I'm actually looking for Internet Explorer behaviorism. When accessing a page for which the server requires client client authentication, you get a certificate selection dialog box that otherwise displays differently!

I looked at the AuthenticationManager , but I'm not sure if I really need to register my own AuthenticationModule! so some hint for me?

I also checked StatusCode for 403 or 403.7, but the server I am currently working with will also return 200 if there is no Certificate stating that I have not logged in!

+4
source share
1 answer

Why do you want to check what the server wants? This request is done over https, just ask for a certificate.

If I remember well, the server owes nothing to anyone. It is the responsibility of the client to start communicating with SSL handshaking, and the client / server to exchange certificates before the real connection with HTTP occurs. You cannot determine if the server requires a certificate. If you try to talk to him, and if you do not start with a certificate, and if the server wants to receive a certificate, the server will disconnect and remain silent, or perhaps it will return some random error code.

You can try to detect early detection if the server tries to do a handshake before trying to create / send a request for it, but you will need to make the layer lower, at the TCP level. Try checking out the RFCs that describe HTTPS negotiations or the handshake prefix, maybe this will help you a bit.

Or just try making an HTTP request without an S request, and if it fails, retry the request with the certificate request and try again using HTTPS. I think your users will survive.

0
source

Source: https://habr.com/ru/post/1396630/

More articles:


All Articles