HttpWebRequest over SSL

  • Thread starter Thread starter Matt Sollars
  • Start date Start date
M

Matt Sollars

I've exhausted all other avenues with this problem. Any help would be
greatly appreciated.

I am performing a simple POST via a HttpWebRequest object to an SSL URL
(https://). I have attempted this to several different addresses with no
luck. I've tried to supply a new ICertificatePolicy to the
ServicePointManager as well. The oddity of the error that I'm receiving is
it's happening before any data is even sent.

Note: This code works wonderfully from within a console application. The
moment it is executed from a web application, it fails. I've tried
impersonation as well with no luck.

--------------------------
HttpWebRequest WebRequest =
(HttpWebRequest)System.Net.WebRequest.Create("https://www.anywherewithsslsup
port.com");
WebRequest.KeepAlive = true;
WebRequest.ContentType = "application/x-www-form-urlencoded";
WebRequest.Method = "POST";
WebRequest.AllowAutoRedirect = false;

string Data = "anything=really&itdoesnot=matter&whatever=willfail";
WebRequest.ContentLength = Data.Length;

System.IO.Stream RequestStream = WebRequest.GetRequestStream();
--------------------------

The error occurs on the last line of the above code with the following error
message:

System.EntryPointNotFoundException: Unable to find an entry point named
EnumerateSecurityPackagesW in DLL security.dll.


I'm stumped. Can anyone shed some light on this error? It happens on the
both computers that I've tested it on. Both are Win2K with .NET 1.1.

Thank you in advance,

--
Matt Sollars
(e-mail address removed)
-------------------
The Hypersite Network
2002 N. Salisbury Blvd.
Suite C
Salisbury, Maryland 21801
T: 410.749.2000
F: 410.219.3400
http://www.hypersite.net
 
Hello Matt,

The error is often caused by mismatched certificate. Generally spekaing, a
certificate is associated with the user ID of the user who installed the
certificate (this is the certificate user); therefore, the certificate is
available only when that user profile is loaded.

ASP.NET is running under machinename/aspnet account. Since you could run
the code successfully in console app and console app use your logged on
user account, I suggest you change asp.net application running account in
machinel.config. You could check processmodel part in machine.config.
http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrfprocessmodelsecti
on.asp?frame=true

Hope it helps.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: "Matt Sollars" <[email protected]>
!Subject: HttpWebRequest over SSL
!Date: Wed, 13 Aug 2003 17:05:19 -0400
!Lines: 53
!Organization: Hypersite
!X-Priority: 3
!X-MSMail-Priority: Normal
!X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!Message-ID: <[email protected]>
!Newsgroups: microsoft.public.dotnet.framework.aspnet
!NNTP-Posting-Host: 207.204.29.22
!Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:167651
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!
!I've exhausted all other avenues with this problem. Any help would be
!greatly appreciated.
!
!I am performing a simple POST via a HttpWebRequest object to an SSL URL
!(https://). I have attempted this to several different addresses with no
!luck. I've tried to supply a new ICertificatePolicy to the
!ServicePointManager as well. The oddity of the error that I'm receiving is
!it's happening before any data is even sent.
!
!Note: This code works wonderfully from within a console application. The
!moment it is executed from a web application, it fails. I've tried
!impersonation as well with no luck.
!
!--------------------------
!HttpWebRequest WebRequest =
!(HttpWebRequest)System.Net.WebRequest.Create("https://www.anywherewithsslsu
p
!port.com");
!WebRequest.KeepAlive = true;
!WebRequest.ContentType = "application/x-www-form-urlencoded";
!WebRequest.Method = "POST";
!WebRequest.AllowAutoRedirect = false;
!
!string Data = "anything=really&itdoesnot=matter&whatever=willfail";
!WebRequest.ContentLength = Data.Length;
!
!System.IO.Stream RequestStream = WebRequest.GetRequestStream();
!--------------------------
!
!The error occurs on the last line of the above code with the following
error
!message:
!
! System.EntryPointNotFoundException: Unable to find an entry point named
!EnumerateSecurityPackagesW in DLL security.dll.
!
!
!I'm stumped. Can anyone shed some light on this error? It happens on the
!both computers that I've tested it on. Both are Win2K with .NET 1.1.
!
!Thank you in advance,
!
!--
!Matt Sollars
[email protected]
! -------------------
!The Hypersite Network
!2002 N. Salisbury Blvd.
!Suite C
!Salisbury, Maryland 21801
!T: 410.749.2000
!F: 410.219.3400
!http://www.hypersite.net
!
!
!
 
Thank you, Yanhong.

Your suggestion worked, but I do not understand. I am not sending a
certificate to the remote server. Nor have I installed a certificate on my
local machine. The console application worked under an account with
Administrator privileges but it works under ANY account with those
privileges. I changed my local machine.config file's processModel userName
attribute to "system" and it worked as a web application.

Maybe my understanding of SSL is a bit elementary. Am I to understand that
to communicate with a server via SSL, some certificate is needed (trusted or
not)? And my browser handles that for me when I enter a https address? If
so, how does my browser pull it off if I am logged on as a very restricted
user? What certificate is used; trusted, self-signed? Can I get around
changing my machine.config file to use a system user by creating a
self-signed certificate and installing it under a special account that has
the same rights as the default machine user (ASPNET)?

I understand that this all may be off-topic for this area and may consume
too much of your time. On that note, if you would please refer me to one or
more resources regarding these questions, I would greatly appreciate it.

Thank you again for your time, Yanhong.

Regards,

--
Matt Sollars
(e-mail address removed)
-------------------
The Hypersite Network
2002 N. Salisbury Blvd.
Suite C
Salisbury, Maryland 21801
T: 410.749.2000
F: 410.219.3400
http://www.hypersite.net



Hello Matt,

The error is often caused by mismatched certificate. Generally spekaing, a
certificate is associated with the user ID of the user who installed the
certificate (this is the certificate user); therefore, the certificate is
available only when that user profile is loaded.

ASP.NET is running under machinename/aspnet account. Since you could run
the code successfully in console app and console app use your logged on
user account, I suggest you change asp.net application running account in
machinel.config. You could check processmodel part in machine.config.
http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrfprocessmodelsecti
on.asp?frame=true

Hope it helps.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! ¨C www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hello Matt,

You are welcome. I am glad to be of assistance. :)

To answer your qeuestion, I think we need to start from the process of the Secure Sockets Layer (SSL) Handshake. The
Secure Sockets Layer (SSL) protocol uses a combination of public-key and symmetric-key encryption. An SSL session
always begins with an exchange of messages called the SSL handshake. The handshake allows the server to authenticate
itself to the client by using public-key techniques, and then allows the client and the server to cooperate in the creation of
symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows. Optionally, the
handshake also allows the client to authenticate itself to the server.

For details, I suggest you refer to KB article "Description of the Secure Sockets Layer (SSL) Handshake"
at http://support.microsoft.com/default.aspx?scid=kb;EN-US;257591

Also, For additional information, refer to the following articles in the Microsoft Knowledge Base:
Description of the Client Authentication Process During the SSL Handshake
http://support.microsoft.com/default.aspx?scid=kb;EN-US;257586
Description of the Server Authentication Process During the SSL Handshake
http://support.microsoft.com/default.aspx?scid=kb;EN-US;257587

Hope it helps.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: "Matt Sollars" <[email protected]>
!References: <[email protected]> <[email protected]>
!Subject: Re: HttpWebRequest over SSL
!Date: Thu, 14 Aug 2003 09:14:34 -0400
!Lines: 66
!Organization: Hypersite
!X-Priority: 3
!X-MSMail-Priority: Normal
!X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!Message-ID: <[email protected]>
!Newsgroups: microsoft.public.dotnet.framework.aspnet
!NNTP-Posting-Host: 207.204.29.22
!Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:167847
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!
!Thank you, Yanhong.
!
!Your suggestion worked, but I do not understand. I am not sending a
!certificate to the remote server. Nor have I installed a certificate on my
!local machine. The console application worked under an account with
!Administrator privileges but it works under ANY account with those
!privileges. I changed my local machine.config file's processModel userName
!attribute to "system" and it worked as a web application.
!
!Maybe my understanding of SSL is a bit elementary. Am I to understand that
!to communicate with a server via SSL, some certificate is needed (trusted or
!not)? And my browser handles that for me when I enter a https address? If
!so, how does my browser pull it off if I am logged on as a very restricted
!user? What certificate is used; trusted, self-signed? Can I get around
!changing my machine.config file to use a system user by creating a
!self-signed certificate and installing it under a special account that has
!the same rights as the default machine user (ASPNET)?
!
!I understand that this all may be off-topic for this area and may consume
!too much of your time. On that note, if you would please refer me to one or
!more resources regarding these questions, I would greatly appreciate it.
!
!Thank you again for your time, Yanhong.
!
!Regards,
!
!--
!Matt Sollars
[email protected]
! -------------------
!The Hypersite Network
!2002 N. Salisbury Blvd.
!Suite C
!Salisbury, Maryland 21801
!T: 410.749.2000
!F: 410.219.3400
!http://www.hypersite.net
!
!
!
!!Hello Matt,
!
!The error is often caused by mismatched certificate. Generally spekaing, a
!certificate is associated with the user ID of the user who installed the
!certificate (this is the certificate user); therefore, the certificate is
!available only when that user profile is loaded.
!
!ASP.NET is running under machinename/aspnet account. Since you could run
!the code successfully in console app and console app use your logged on
!user account, I suggest you change asp.net application running account in
!machinel.config. You could check processmodel part in machine.config.
!http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrfprocessmodelsecti
!on.asp?frame=true
!
!Hope it helps.
!
!Best regards,
!Yanhong Huang
!Microsoft Online Partner Support
!
!Get Secure! ¨C www.microsoft.com/security
!This posting is provided "AS IS" with no warranties, and confers no rights.
!
!
!
 
Thanks again for all your help, Yanhong. I only have one more inquiry. Would
I be able to get around all of this by simply signing the assembly?

Regards,

Matt


Hello Matt,

You are welcome. I am glad to be of assistance. :)

To answer your qeuestion, I think we need to start from the process of the
Secure Sockets Layer (SSL) Handshake. The
Secure Sockets Layer (SSL) protocol uses a combination of public-key and
symmetric-key encryption. An SSL session
always begins with an exchange of messages called the SSL handshake. The
handshake allows the server to authenticate
itself to the client by using public-key techniques, and then allows the
client and the server to cooperate in the creation of
symmetric keys used for rapid encryption, decryption, and tamper detection
during the session that follows. Optionally, the
handshake also allows the client to authenticate itself to the server.

For details, I suggest you refer to KB article "Description of the Secure
Sockets Layer (SSL) Handshake"
at http://support.microsoft.com/default.aspx?scid=kb;EN-US;257591

Also, For additional information, refer to the following articles in the
Microsoft Knowledge Base:
Description of the Client Authentication Process During the SSL Handshake
http://support.microsoft.com/default.aspx?scid=kb;EN-US;257586
Description of the Server Authentication Process During the SSL Handshake
http://support.microsoft.com/default.aspx?scid=kb;EN-US;257587

Hope it helps.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hello Matt,

I suspect it, since the problem is that you could only connect to SSL using a domain account instead of machine\aspnet
account. But you could test first.

Please refer to:
"HOW TO: Secure an ASP.NET Application Using Client-Side Certificates"
http://support.microsoft.com/?id=315588

"HOW TO: Secure XML Web Services with Secure Socket Layer in Windows 2000"
http://support.microsoft.com/?id=307267

"HOW TO: Secure XML Web Services with Secure Socket Layer in Windows Server 2003"
http://support.microsoft.com/?id=324284

Hope them help.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: "Matt Sollars" <[email protected]>
!References: <[email protected]> <[email protected]>
<[email protected]> <[email protected]>
!Subject: Re: HttpWebRequest over SSL
!Date: Mon, 18 Aug 2003 10:31:07 -0400
!Lines: 47
!Organization: Hypersite
!X-Priority: 3
!X-MSMail-Priority: Normal
!X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!Message-ID: <[email protected]>
!Newsgroups: microsoft.public.dotnet.framework.aspnet
!NNTP-Posting-Host: 207.204.29.22
!Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:168766
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!
!Thanks again for all your help, Yanhong. I only have one more inquiry. Would
!I be able to get around all of this by simply signing the assembly?
!
!Regards,
!
!Matt
!
!
!!Hello Matt,
!
!You are welcome. I am glad to be of assistance. :)
!
!To answer your qeuestion, I think we need to start from the process of the
!Secure Sockets Layer (SSL) Handshake. The
!Secure Sockets Layer (SSL) protocol uses a combination of public-key and
!symmetric-key encryption. An SSL session
!always begins with an exchange of messages called the SSL handshake. The
!handshake allows the server to authenticate
!itself to the client by using public-key techniques, and then allows the
!client and the server to cooperate in the creation of
!symmetric keys used for rapid encryption, decryption, and tamper detection
!during the session that follows. Optionally, the
!handshake also allows the client to authenticate itself to the server.
!
!For details, I suggest you refer to KB article "Description of the Secure
!Sockets Layer (SSL) Handshake"
!at http://support.microsoft.com/default.aspx?scid=kb;EN-US;257591
!
!Also, For additional information, refer to the following articles in the
!Microsoft Knowledge Base:
!Description of the Client Authentication Process During the SSL Handshake
!http://support.microsoft.com/default.aspx?scid=kb;EN-US;257586
!Description of the Server Authentication Process During the SSL Handshake
!http://support.microsoft.com/default.aspx?scid=kb;EN-US;257587
!
!Hope it helps.
!
!Best regards,
!Yanhong Huang
!Microsoft Online Partner Support
!
!Get Secure! - www.microsoft.com/security
!This posting is provided "AS IS" with no warranties, and confers no rights.
!
!
!
 
Thank you, Yanhong. I shall look into it. Your input has been valuable.

Regards,

Matt


Hello Matt,

I suspect it, since the problem is that you could only connect to SSL using
a domain account instead of machine\aspnet
account. But you could test first.

Please refer to:
"HOW TO: Secure an ASP.NET Application Using Client-Side Certificates"
http://support.microsoft.com/?id=315588

"HOW TO: Secure XML Web Services with Secure Socket Layer in Windows 2000"
http://support.microsoft.com/?id=307267

"HOW TO: Secure XML Web Services with Secure Socket Layer in Windows Server
2003"
http://support.microsoft.com/?id=324284

Hope them help.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hello Matt,

You are welcome. Thanks very much for participating the community.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: "Matt Sollars" <[email protected]>
!References: <[email protected]> <[email protected]>
<[email protected]> <[email protected]> <O0W
[email protected]> <[email protected]>
!Subject: Re: HttpWebRequest over SSL
!Date: Tue, 19 Aug 2003 13:53:37 -0400
!Lines: 36
!Organization: Hypersite
!X-Priority: 3
!X-MSMail-Priority: Normal
!X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!Message-ID: <[email protected]>
!Newsgroups: microsoft.public.dotnet.framework.aspnet
!NNTP-Posting-Host: 207.204.29.22
!Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:169251
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!
!Thank you, Yanhong. I shall look into it. Your input has been valuable.
!
!Regards,
!
!Matt
!
!
!!Hello Matt,
!
!I suspect it, since the problem is that you could only connect to SSL using
!a domain account instead of machine\aspnet
!account. But you could test first.
!
!Please refer to:
!"HOW TO: Secure an ASP.NET Application Using Client-Side Certificates"
!http://support.microsoft.com/?id=315588
!
!"HOW TO: Secure XML Web Services with Secure Socket Layer in Windows 2000"
!http://support.microsoft.com/?id=307267
!
!"HOW TO: Secure XML Web Services with Secure Socket Layer in Windows Server
!2003"
!http://support.microsoft.com/?id=324284
!
!Hope them help.
!
!Best regards,
!Yanhong Huang
!Microsoft Online Partner Support
!
!Get Secure! - www.microsoft.com/security
!This posting is provided "AS IS" with no warranties, and confers no rights.
!
!
!
 
Back
Top