Client side certificate with strong key protection and WebServices

When you are writing application to run as service or middle tier, which is using client certificates. You should not enable strong key protection during certificate installation. Strong key protection is the way you are informing the system that whenever someone want to use this protected resource (client certifcate) then prompt me for the permission….


Understanding HttpWebRequest Connection Management and ServicepointManager

If you are looking for some information on understanding the basics of HttpWebRequest connection management and servicepointmanager, I just posted an article which could be useful for you.  This is first in the series, in future posting I promise to provide more details about specific scenarios which include Http with authentication and proxy server and also for other…


Understanding System.Net Connection Management and ServicepointManager

If you are already using System.Net.HttpWebRequest class and familiar with request/response programming model for WebRequest in .net frameworks, you might be interested in getting inside the connection management handling of HttpWebRequest and to understand how you could apply it effectively in your application. In this article, you will understand the basics of connection management story…


HttpWebRequest.GetResponse() gives “HTTP protocol violation” error after .net frameworks service packs

This blog is valid for users of .Net frameworks 1.0 SP3 and .Net frameworks 1.1 SP1 The error is really because server is sending response with bad header format, which violates the http protocol specifications. These changes had been made to disallow bad headers. Bad http header could cause security vulnerability based on response-splitting and other attacks based…


Using SSL client certificate in WebRequest and WebServices without certificate installation

If you are using .Net frameworks 1.0 or 1.1, certificate must be installed on either User store or Machine Store. This posting is only valid for v2.0. In version 2.0 (Currently released Whidbey Beta1) user have option to use the certificate which contain the private key without installing it on certificate store. In general it is not recommended…


Establishing cookie based session with WebServices and HttpWebRequest

Create cookie based session with HttpWebRequest One common requirement for Http based application to maintain the session state within the application, if your http based application is using the System.Net.HttpWebRequest class, then you could use Cookiecontainer property to send and recieved the cookies. Important thing to note that you should create a single CookieContainer instance…


SSL https requests with client certificates from ASP.NET

Problem Applications making https request from .net web applications (.aspx pages) are not able to use client certificates. Cause Client certificates are linked to user accounts, ASPX is running under ASPNET account, this account can’t access the certificates installed under user account or system account. HttpWebRequest implementation only access the certificate only from account under…