Principle and application of SSL (3) processing HTTPS in. NET development

In asp.net, SQL Server, WCF and other areas of communication, Microsoft provides SSL based security protection mechanism. Unfortunately,. NET does not provide programmatic support for the SSL protocol itself as a basic network protocol such as TCP and UDP. If you want to handle SSL traffic from a protocol perspective or want to build a complete SSL framework, then. NET does not help you, but there is a choice, many Third-party secure communications projects provide support, such as OpenSSL. This does not mean that we will do nothing in this field, the 6th chapter introduces. NET to manipulate the two classes of digital certificates:

Q System.Security.Cryptography.X509Certificates.X509Certificate2 Class

Q System.Security.Cryptography.X509Certificates.X509Store Class

In web development, SSL traffic is implemented by browsers and Web servers to communicate details. Classes that encapsulate the HTTP protocol, such as WebRequest, WebResponse, provide the ability to process HTTPS requests. When we send a request to an HTTPS link in a program, we can get the certificate returned by the server.

Request HTTPS link

When using the WebRequest class to request an HTTPS link, there is no difference between the operation and the request for an ordinary HTTP link. Listing 8-1 shows how to obtain a method of HTTPS linking.

Code Listing 8-1 getting HTTPS links

Try
    
{
    
uri uri = new Uri ("https://www.sample.com/https.aspx");
    
     
    
WebRequest http = httpwebrequest.create (URI);
    
HttpWebResponse response = (HttpWebResponse) http. GetResponse ();
    
Stream stream = Response. GetResponseStream ();
    
}
    
catch (UriFormatException e)
    
{
    
Console.WriteLine ("Invalid URL");
    
}
    
catch (IOException e)
    
{
    
Console.WriteLine ("Connection Failed");
    
}

In Listing 8-1, a simple HTTPS request is created by the HttpWebRequest object's Create method, and a HttpWebResponse object is returned.

Explains that the HttpWebRequest class provides support for the properties and methods defined in WebRequest, and do not use the HttpWebRequest object's constructor when initiating a request to an HTTP server using a HttpWebRequest object. Instead, you should use the WebRequest.Create () method to initialize the new HttpWebRequest object. If the Uniform Resource Identifier scheme is "http://" or "https://", Create () returns the HttpWebResponse object.

Acquisition of certificate information and certificate loading

On the basis of listing 8-1, just a little modification allows the program to adapt to the need to submit a client certificate. As shown in listing 8-2 of the code.

Code Listing 8-2 acquisition of certificate information and certificate loading

public void Test ()
    
     {
    
         uri uri = new uri (' https://www.sample.com/https.aspx ');
    
    
    
         HttpWebRequest HttpRequest = (HttpWebRequest) httpwebrequest.create (URI);
    
             
    
         X509Certificate cer = x509certificate.createfromcertfile ("certificate file Address");
    
         HTTPREQUEST.CLIENTCERTIFICATES.ADD (CER);
    
         HttpWebResponse response = (HttpWebResponse) httprequest.getresponse ();
    
         Stream stream = Response. GetResponseStream ();
    
     }

In Listing 8-2, you first create a X509Certificate object and add it to the WebRequest clientcertificates collection. Our certificate must protect the key information.

On the server side, the client-submitted certificate can be obtained from the context of the client request.

In asp.net, you can obtain certificate information by using the following code:

Request.clientcertificate (Key[subfield])

In the code above, key specifies the name of the certificate field to be obtained, and the different key values have different meanings, subfield as optional fields. The key specific information is shown in table 8-2.