Compact Framework: https through proxy server

  • Thread starter Thread starter Mike
  • Start date Start date
M

Mike

I'm posting this here because no one responded to my post in the compact
framework NG and this is a MSDN "managed" newsgroup and I'm a MSDN
subscriber.

I'm unable to make a https connection through a proxy server using
the compact framework. I can connect with no problem using http, but when I
add the "s" after "http" in the URI, I get a System.Net.WebException raised:
System.Net.WebException.Message = "Could not establish secure channel for
SSL/TLS"

Here is what the code looks like (VB):

----------------------------------------------------------------------------
------
myRequest = Utils.CreateWebRequest("https://www.server.com/page.php")
Try

myResponse = myRequest.GetResponse()

Catch ex As System.Net.WebException ' Exception from above line is caught
here

msgbox ex.message

End Try
----------------------------------------------------------------------------
 
Hi Mike,

First of all, I would like to confirm my understanding of your issue.
From your description, I understand that on a smart device(Pocket PC or
windows CE?), the httpwebrequest in compact framework did not work if we
connect to https website via proxy, but we can connect to https site
directly.(That is to say if we connect to the https website directly the
code should be work).

Have I fully understood you? If there is anything I misunderstood, please
feel free to let me know.

I think you may try to lauch the ie in the pocket pc or windows ce and
navigate to the https website via the proxy, did that work for you?
Can you post the whole StackTrace and the innerexception when the error
occur?(Try to Catch e As Exception)

I look forward to hearding from you.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
First of all, I would like to confirm my understanding of your issue.
From your description, I understand that on a smart device(Pocket PC or
windows CE?)
Click to expand...

Pocket PC 2003
, the httpwebrequest in compact framework did not work if we
connect to https website via proxy, but we can connect to https site
directly.(That is to say if we connect to the https website directly the
code should be work).
Correct.

Have I fully understood you? If there is anything I misunderstood, please
feel free to let me know.

I think you may try to lauch the ie in the pocket pc or windows ce and
navigate to the https website via the proxy, did that work for you?
Click to expand...

Yes, that works.
Can you post the whole StackTrace and the innerexception when the error
occur?(Try to Catch e As Exception)
Click to expand...

The StackTrace property is not implemented in the Compact Framework.
InnerException is Nothing.
 
Hi Mike,

I think you may try to set the webproxy when you using the httpwebrequest
to access a https site via proxy.
HttpWebRequest.Proxy Property [C#]
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
frlrfSystemNetHttpWebRequestClassProxyTopic.asp

To further troubleshoot the problem, you may try to run code on a PC, that
is on the .net framework not the compact framework to see if that works for
you.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hello Mike,
Can you post a simple repro sample so that I can make sure we are working
on the same code?

Thank you,
Ashley Antony Elenjickal
Devp Support - Windows Embedded
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
| Reply-To: "Mike" <[email protected]>
| From: "Mike" <[email protected]>
| References: <[email protected]>
<[email protected]>
<OWqUFM#[email protected]>
<[email protected]>
| Subject: Re: Compact Framework: https through proxy server
| Date: Wed, 2 Jun 2004 09:50:30 -0400
| Lines: 29
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.dotnet.framework
| NNTP-Posting-Host: adsl-068-016-172-251.sip.mco.bellsouth.net
68.16.172.251
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13
.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework:72641
| X-Tomcat-NG: microsoft.public.dotnet.framework
|
| I am using the Proxy property. That's why it works with regular http.
|
| | > Hi Mike,
| >
| > I think you may try to set the webproxy when you using the
httpwebrequest
| > to access a https site via proxy.
| > HttpWebRequest.Proxy Property [C#]
| >
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
| > frlrfSystemNetHttpWebRequestClassProxyTopic.asp
| >
| > To further troubleshoot the problem, you may try to run code on a PC,
that
| > is on the .net framework not the compact framework to see if that works
| for
| > you.
| >
| > Best regards,
| >
| > Peter Huang
| > Microsoft Online Partner Support
| >
| > Get Secure! - www.microsoft.com/security
| > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| >
|
|
|
 
Nathan - Thanks for helping with this. I neglected to mention that the
problem only occurrs when the proxy server requires authentication. Your
code works for me when I change the "HTTP Proxy Authentication" setting on
my proxy server to "None". But when I change it to "Required", the code
fails with the "Could not establish secure channel for SSL/TLS" message even
when I specify the correct user name and password for the Credentials
property of the WebProxy object. I know I'm doing it correctly because it
works if I just change "https:" to "http:".

Sorry I forgot to mention the part about proxy authentication earlier. Can
you change your proxy server to require authentication and try it again?
I'm using a proxy server called "Proxy+" which can be downloaded here:
http://www.proxyplus.cz
 
| Nathan - Thanks for helping with this. I neglected to mention that the
| problem only occurrs when the proxy server requires authentication. Your
| code works for me when I change the "HTTP Proxy Authentication" setting on
| my proxy server to "None". But when I change it to "Required", the code
| fails with the "Could not establish secure channel for SSL/TLS" message
even
| when I specify the correct user name and password for the Credentials
| property of the WebProxy object. I know I'm doing it correctly because it
| works if I just change "https:" to "http:".
|
| Sorry I forgot to mention the part about proxy authentication earlier.
Can
| you change your proxy server to require authentication and try it again?
| I'm using a proxy server called "Proxy+" which can be downloaded here:
| http://www.proxyplus.cz
|


Hmm... we're already behind a pretty firm firewall here, for obvious
reasons, so there's not really any way for me to set up an authenticating
proxy server. That is a pretty slick looking little program, though. I
did try it, even though I already knew it wouldn't work - and I was right.
:(

Have you tried my code *without* using authentication on the proxy server?
I'm just wondering if it's really a certificate problem, rather than an
authentication problem. You might also try creating a simple desktop
application, and see if it has the same problems. Here's a site you might
want to take a look at that has some useful sample code:
http://samples.gotdotnet.com/quickstart/howto/doc/WebRequests/clientGETwithP
roxy.aspx

I also found an interesting article on The Code Project site you might look
at. It's in C#, but it shouldn't be difficult to port to VB:

How to use HttpWebRequest and HttpWebResponse in .NET
http://www.codeproject.com/csharp/HttpWebRequest_Response.asp


Looking over these two articles, it looks to me like you might want to use
both the GlobalProxySelection and CredentialCache objects in your code, if
you aren't already. It shouldn't be too difficult to whip up a simple
test program, but I have no way of knowing whether or not it would work.
Can you try some of these ideas out and let me know how it goes?


Thank you,

Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 
As I stated, your code DOES WORK without proxy authentication.

GlobalProxySelection is a different way of specifying the proxy server. I'm
using the Proxy property of the Request object to specify the proxy server,
which works in every case except the combination of https and proxy
authentication.

MSDN Library - "The CredentialCache class stores credentials for multiple
Internet resources." I am only accessing 1 internet resource.
 
Mike,

I got hold of one of the .NET Compact Framework guys and dragged him in on
this issue. He was able to locate a suitable proxy server we could test
with, and we spent several hours working together on this. After talking
with a couple of guys from the development team, and reproducing the
problem for them, the general consensus is that this is a bug in the .NET
Compact Framework. The good news is that this problem has already been
fixed for a future release, though I do not know when that will become
available.

I'm sorry I couldn't give you better news than that. Please let me know if
there is anything further I can do.


Sincerely,

Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 
Thanks for all your help with this Nathan. My only question is, if it is a
known bug, is this bug documented somewhere? We developers should be able
to read about known bugs somewhere so that we don't knock our heads against
a wall trying to get something to work. You would also have been able to
check this list of known bugs so you wouldn't have had to spend so much time
on this.

Thanks again.
 
| Thanks for all your help with this Nathan. My only question is, if it is
a
| known bug, is this bug documented somewhere? We developers should be able
| to read about known bugs somewhere so that we don't knock our heads
against
| a wall trying to get something to work. You would also have been able to
| check this list of known bugs so you wouldn't have had to spend so much
time
| on this.
|
| Thanks again.


Actually, no, it wasn't a known bug - hence all the time spent with the
NETCF developers. But it does seem as if someone noticed it and fixed it
at some point, so I guess that's good. I'll check with my team leader and
see if we can get this documented in a KB article or something.

If you have no objections, I'll go ahead and close this case. Feel free to
post any followup questions you may have, though.


Sincerely,

Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 
| If somebody noticed it, then it was a known bug. Maybe they just didn't
| bother to document it.


I have no idea how something this big slipped by, but I am certainly glad
that there is already a fix in the works. I sincerely apologize for the
inconvenience.


Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 
Mike,

Since you have expressed no objections, I will close this issue. Please
feel free to contact me directly should you have any follow-up questions
related to this issue.


Sincerely,

Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 
Back
Top