HttpWebRequest encryption?

  • Thread starter Thread starter Mike Cronin via DotNetMonster.com
  • Start date Start date
M

Mike Cronin via DotNetMonster.com

Hi there,

Can anyone tell me what level of encryption is used when making an HTTPS
POST request through an instance of the System.Net.HttpWebRequest object?

Thanks much in advance!

Mike Cronin
Data On Call - Programmer
 
That is defined by the server certificate. For your specific site, take a
look at the cert and you can see the level of encryption that will be used.

--
--- Nick Malik [Microsoft]
MCSD, CFPS, Certified Scrummaster
http://blogs.msdn.com/nickmalik

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
 
If a 128-bit encrypted client sends an HTTPS POST request to a server that
handles 128-bit encryption, does the client need to do anything more than
what follows...

String url = "https://securesite.com?user=xxx&password=yyy";
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
webRequest.set_ContentType("application/x-www-form-urlencoded");
webRequest.set_ContentLength(query.length());
webRequest.set_Method("POST");
StreamWriter sw = new StreamWriter(webRequest.GetRequestStream());
sw.Write(query.ToString());
sw.Close();

Under the circumstances mentioned, will this simple request produce a 128-
bit encrypted POST?

Is there no need to use System.Security.Cryptography.X509Certificates?

I just need to be clear on the level of encryption.

Any assistance is most appreciated!

Mike Cronin
 
You have some pretty confused code there.

The set_ContentType method is a method of the page object, used only on the
server side.
In addition, it is a method used internally by .NET and is not intended to
be used from your code.

Considering the fact that you are creating an HttpWebRequest object, the
set_ContentType method doesn't apply.

My guess is that you posted this snippet after it failed to compile...
correct?

A good example of the code you need can be found here
http://msdn.microsoft.com/library/e...mnethttpwebrequestclasscontentlengthtopic.asp

And, yes, posting to an HTTPS URL will have the effect of encrypting the
data in-stream. You do not need to use any encryption APIs.
Try it for yourself. Sniff the port. (If you don't have a sniffer, you may
want to try Ethereal or one of the other sniffing utilities that uses
WinPCap to sniff your ports.)

--
--- Nick Malik [Microsoft]
MCSD, CFPS, Certified Scrummaster
http://blogs.msdn.com/nickmalik

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
 
Nope the actual code compiles fine and is used to POST requests to us.

I should have told you that I am working in J#. Using J#, I have a
set_ContentType() not ContentType() method exposed. Sorry about the
confusion.

One other thing, the logic did get a bit tweaked when I modified the
snippet for posting. The following reflects more accurately what is coded
(the URL and query string are separated)...

String url = "https://securesite.com";
String query = "user=xxx&password=yyy";
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
webRequest.set_ContentType("application/x-www-form-urlencoded");
webRequest.set_ContentLength(query.length());
webRequest.set_Method("POST");
StreamWriter sw = new StreamWriter(webRequest.GetRequestStream());
sw.Write(query.ToString());
sw.Close();

Nevertheless, I just wanted to make sure that in the circumstance
previously described the resulting post would be 128-bit encrypted (one of
our clients needs to be certain their data is 128-bit encrypted).

You are awesome for helping out bud!

Thanks for your quick reply!

Mike Cronin
 
I am using the following code to post data to the site on Domino server but
always
gives the following error at this line
Dim streamWriter = New
System.IO.StreamWriter(httpWebRequest.GetRequestStream())

"Operation Timed OUT"
or
"Underlying Connection is Closed.."

I have used the following code :

Dim stringPost = "Username=xxx&Password=yyy"

Dim httpWebRequest As System.Net.HttpWebRequest =
System.Net.HttpWebRequest.Create("https://corpmis.ggn.hcltech.com//names.nsf?Login")


httpWebRequest.ContentType = "application/x-www-form-urlencoded"
httpWebRequest.ContentLength = stringPost.Length
httpWebRequest.Method = "POST"

Dim streamWriter = New
System.IO.StreamWriter(httpWebRequest.GetRequestStream())
streamWriter.Write(stringPost)
streamWriter.Close()

Dim httpWebResponse As System.Net.HttpWebResponse =
httpWebRequest.GetResponse()
Dim streamReader = New
System.IO.StreamReader(httpWebResponse.GetResponseStream())
Dim stringResult = streamReader.ReadToEnd()
streamReader.Close()


Please Help!!!!!

Thanks & Regards,
Neeraj
 
Back
Top