[Mono-list] HttpWebRequest and client certificates

Sebastien Pouliot sebastien.pouliot at gmail.com
Mon May 7 13:25:38 EDT 2007 

Bonjour Samuel,

On Wed, 2007-05-02 at 14:29 +0200, Samuel CARRIERE wrote:

5 days to get this email ? I guess/hope you're not subscribed to the
list.

> >On Mon, 2007-03-12 at 17:46 +0100, Michal Ziemski wrote:
> >> Hi!
> >> 
> >> Does HttpWebRequest support client certificates in mono?
> >> Th FAQ 
> >>
> (http://www.mono-project.com/FAQ:_Security#Are_SSL_client_certificates_supported_.3F)
> >> states it doesn't in 1.1, but might in 2.0
> >> 
> >> Does it work in 2.0?
> >
> >There as been progress, both for the new X509Certificate2 and
> X509Store
> >classes, but the HttpWebRequest code hasn't yet been updated. This
> part
> >is somewhat interlocked with the new SslStream class (2.0) and how
> we'll
> >provide it. 
> >
> >However at this stage it may be possible to make a quick hack to add
> >client-side certificate support for *some* 2.0 apps (depending on how
> >the certificate is loaded).
> >
> >> 
> >> Cheers!
> >> Michal Ziemski
> >> 
>  
> Hi everybody,
>  
> I am working on a C# mono application that needs client certificates
> to call a webservice.
> Sebastien, can you explain a bit what sort of "quick hack" it may be
> possible to make, to
> make this following test code work ?
>  
>  static void Main(string[] args)
>  {
>     // Instanciate webservice client
>     WSAddition.Addition client = new testWsSSL.WSAddition.Addition();
>     X509Certificate2 Cert = new
> X509Certificate2("/my/clientCertificate.p12", "password");
>     client.ClientCertificates.Add(Cert); 
>     // Call webservice method
>     int result = client.add(5,6);
>     Console.WriteLine("Result : " + result);
>  }
> 
> Does it require to hack the HttpWebRequest class ?

Yes, but it should be simple. The hack is to supply the private key
(available from X509Certificate2) to the SSL code.

It would probably take me much longer to set up a client and server web
service to test it than to implement it. However if you open a bug
report (http://bugzilla.ximian.com) with a client, working with a public
SSL/client certificate web service, I should be able to add this fairly
quickly.
-- 
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/

More information about the Mono-list mailing list