SSL has to be enabled to connect to a https site? - c#

I have to send a request as https post to a third party Apache server.
It seems my code is fine as testing to an aspx page shows parameters without any problem, but when I tried to conect to Apache server answers like I didn't send anything.
As I've been digging a bit more, I found out a reference to "servers handshake". Does this mean IIS has to have SSL enabled to conect to the Apache Server?

I don't think so.
the ability to call https from your code (hosted on iis) doesn't involves iis ssl settings.
you need to make sure you ignore certificate errors (if there are some) and it should work.

Related

How to bypass Untrusted certificate error from GWT client side code?

I created a self hosted HTTPS WCF web service running on my Localhost machine. Now i make a request to this web service from a GWT based application hosted on some domain.
I use self-signed X.509certificate which is not approved yet. Whenever my GWT application make requests, It shows an error because of untrusted Certificate. Can i bypass this error from my GWT client code or suggest me an alternative solutions ?
Is there are any other protocol which supports WCF service that we can use for communication and will not trigger the security alert from browser?
Updated
Whole scenario:
You installed a exe in your system, which take cares of WCF web service and importing certificate to your local machine.
You open a GWT based website from your browser. Let's say some.com
some.com continuously polling a request to his/her local machine. Let's say on https://localhost:8098/{someendpoint}
But because of this HTTPS and untrusted certificate. It is not able to make request.
since you said
Let's start with local testing
How about installing your self signed certificate onto the machine on which you are testing the GWT ?
You should be able to double click the certificate and follow the prompts/wizard to install it.
This applies to development only (for production you'd need a proper certificate)

Request.URL always returns http even though SSL is enabled

I have prepared an ASP.NET web application (ASP.NET V2.0) and I configured it in my IIS (V7.5). I used Request.Url.AbsoluteUri in my application and it works fine in my server. I deployed the web application on my client's server machine (2008 R2 Server). But in my client's environment Request.Url.AbsoluteUri always return http url even though they enabled SSL. Whether any IIS settings configured on my client's server machine? Please guide me
I have seen this before. The reason was that the load balancer at the production site terminated the SSL connection. It by itself connected to IIS using HTTP only. This scheme is a way to offload the SSL computations to the load balancer. It means that the IIS application does never see the HTTPS protocol although the browser does see it.
As spender pointed out in the comments, please see the HTTP headers arriving at your application. The load balancer is likely to add information to them that allows you to reconstruct everything.
If you want to check whether request is HTTP or HTTPS. You should check headers. Below link really helped me to solve it.
http://www.bugdebugzone.com/2013/12/identifying-https-or-ssl-connection-in.html

How can we call SSL Web Service from SQL Server CLR?

I have a web service and I want to call it from https. What is the solution?
This work for http.
Since I have a pretty good background in server setup, I will try and tackle this question.
First off, you need to set up SSL on your website. This involves buying a SSL Certificate or self signing one. Once you have a SSL certificate you need to set up your server to use it and serve your website through SSL.
As for you web code, the service you are hosting will work just fine under SSL as without. You will just have to change how you call it to use https:// instead of http://.
If you are trying to secure sensitive data you may want to set up your web server to redirect all non SSL requests to the the same path but under SSL by changing http:// in the path to https://. Any decent server administrator should know how to do this.

NotFound for HTTPS Endpoint When Decrypting HTTPS Traffic

I'm currently developing an application in C# for Windows Phone against an HTTPS web service. An example of the endpoint that I'm accessing is as follows: https://apitest.letsfreckle.com/api/projects.json?token=lx3gi6pxdjtjn57afp8c2bv1me7g89j
When I inspect the network traffic using Fiddler with the "Decrypt HTTPS traffic" option enabled I get a "NotFound" exception in my code. If I disable the "Decrypt HTTPS traffic" option in Fiddler, then I get the response that I would expect in my code.
In Fiddler, I see the HTTP CONNECT request with a result of 200, but nothing else.
I'm using Fiddler v2.3.7.4 beta on 64-bit Windows 7 with no filters. I have no proxy servers configured and the problem persists if I disable my anti-virus protection (Microsoft Security Essentials). I have tried removing the interception certificates and the root and site-specific certificates are correctly re-created.
I appreciate that this scenario works perfectly well for the many Fiddler users out there, but would be grateful if you could shed any light on why it's not working for me.
UPDATE: I can hit the endpoint and get a response just fine using a browser and when not decrypting HTTPS traffic through Fiddler and when Fiddler is not involved.
You can install the certificate on the emulator, I use an HTTPS endopoint in my app too and I can decrypt the traffic.
You need to visit with IE Mobile this URL: http://yourmachine:8888/ and click on the link "install the root certificate", after you should be able to see the traffic beyond the handshake (CONNECT)
You need to start Fiddler bedore the emulator I think.

What do I need to know to create a website that uses HTTPS?

I know ASP.NET, and know why people use HTTPS and I know a bit about IIS, but I have never created a HTTPS website or page in my site.
How can I create a HTTPS website?
How can I only make my login page HTTPS in a normal HTTP project?
Are there any other considerations I need to be aware of when using HTTPS?
HTTPS means HTTP and SSL. So to create a HTTPS website, you need to create a normal website and a SSL layer to ensure the secure connection between your web server and web browser. Your web server will need a SSL certificate that you can generate yourself for private or development purpose or to get a trusted certificate from a trusted vendors.
Redirect your login page to https://yoursite/loginpage to obtain a HTTPS page.
You can get a free SSL certificate from cert.startcom.org
In IIS7 you simply add https binding to website on which you want to use SSL.
For this is necessary to have a certificate. You can use self-signed certificate or buy it from VeriSign, Thawte,...
You can use your pages same way as in http. SSL is not for user autentication, but for securing communication chanel. You can only check if is used secure connection
if (Request.IsSecureConnection)
{
}

Categories

Resources