This message was discovered on microsoft.public.dotnet.framework.
Responses highlighted in red are from those people who are likely to be able to contribute good, authoratitive information to this discussion. They include Microsoft employees, MVP's and others who IMHO contribute well to these kinds of discussions.
| Mike |
I'm posting this here because no one responded to my post in the compact
framework NG and this is a MSDN "managed" newsgroup and I'm a MSDN
subscriber.
I'm unable to make a https connection through a proxy server using
the compact framework. I can connect with no problem using http, but when I
add the "s" after "http" in the URI, I get a System.Net.WebException raised:
System.Net.WebException.Message = "Could not establish secure channel for
SSL/TLS"
Here is what the code looks like (VB):
----------------------------------------------------------------------------
------
myRequest = Utils.CreateWebRequest("https://www.server.com/page.php")
Try
myResponse = myRequest.GetResponse()
Catch ex As System.Net.WebException ' Exception from above line is caught
here
msgbox ex.message
End Try
----------------------------------------------------------------------------
-----
I can also connect to the https address without a proxy server so it seems
to be the combination of https and the proxy server that is the problem. I
have seen other posts about this, but no resolutions.
|
|
|
| |
|
| |
| |
| Peter Huang (VIP) |
Hi Mike,
First of all, I would like to confirm my understanding of your issue.
From your description, I understand that on a smart device(Pocket PC or
windows CE?), the httpwebrequest in compact framework did not work if we
connect to https website via proxy, but we can connect to https site
directly.(That is to say if we connect to the https website directly the
code should be work).
Have I fully understood you? If there is anything I misunderstood, please
feel free to let me know.
I think you may try to lauch the ie in the pocket pc or windows ce and
navigate to the https website via the proxy, did that work for you?
Can you post the whole StackTrace and the innerexception when the error
occur?(Try to Catch e As Exception)
I look forward to hearding from you.
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
| |
|
|
| |
| |
| Mike |
[Original message clipped]
Pocket PC 2003
[Original message clipped]
Correct.
[Original message clipped]
Yes, that works.
[Original message clipped]
The StackTrace property is not implemented in the Compact Framework.
InnerException is Nothing.
|
|
|
| |
|
|
| |
| |
| Peter Huang (VIP) |
Hi Mike,
I think you may try to set the webproxy when you using the httpwebrequest
to access a https site via proxy.
HttpWebRequest.Proxy Property [C#]
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
frlrfSystemNetHttpWebRequestClassProxyTopic.asp
To further troubleshoot the problem, you may try to run code on a PC, that
is on the .net framework not the compact framework to see if that works for
you.
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
| |
|
|
| |
| |
| Mike |
I am using the Proxy property. That's why it works with regular http.
""Peter Huang"" <Click here to reveal e-mail address> wrote in message
news:Click here to reveal e-mail address...
[Original message clipped]
|
|
|
| |
|
| |
| |
| Ashley A Elenjickal [MS] (VIP) |
Hello Mike,
Can you post a simple repro sample so that I can make sure we are working
on the same code?
Thank you,
Ashley Antony Elenjickal
Devp Support - Windows Embedded
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Reply-To: "Mike" <Click here to reveal e-mail address>
| From: "Mike" <Click here to reveal e-mail address>
| References: <Click here to reveal e-mail address>
<Click here to reveal e-mail address>
<OWqUFM#Click here to reveal e-mail address>
<Click here to reveal e-mail address>
| Subject: Re: Compact Framework: https through proxy server
| Date: Wed, 2 Jun 2004 09:50:30 -0400
| Lines: 29
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| Message-ID: <#Click here to reveal e-mail address>
| Newsgroups: microsoft.public.dotnet.framework
| NNTP-Posting-Host: adsl-068-016-172-251.sip.mco.bellsouth.net
68.16.172.251
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13
.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework:72641
| X-Tomcat-NG: microsoft.public.dotnet.framework
|
| I am using the Proxy property. That's why it works with regular http.
|
| ""Peter Huang"" <Click here to reveal e-mail address> wrote in message
| news:Click here to reveal e-mail address...
| > Hi Mike,
| >
| > I think you may try to set the webproxy when you using the
httpwebrequest
| > to access a https site via proxy.
| > HttpWebRequest.Proxy Property [C#]
| >
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
| > frlrfSystemNetHttpWebRequestClassProxyTopic.asp
| >
| > To further troubleshoot the problem, you may try to run code on a PC,
that
| > is on the .net framework not the compact framework to see if that works
| for
| > you.
| >
| > Best regards,
| >
| > Peter Huang
| > Microsoft Online Partner Support
| >
| > Get Secure! - www.microsoft.com/security
| > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| >
|
|
|
|
|
|
| |
|
|
| |
| |
| Mike |
No, sorry, I don't have time for that. You should attempt an https request
through a proxy server using the WebRequest object in the compact framework.
Let me know if it works for you.
""Ashley A Elenjickal [MS]"" <Click here to reveal e-mail address> wrote in
message news:Click here to reveal e-mail address...
[Original message clipped]
|
|
|
| |
|
| |
| |
| Nathan Lewis (VIP) |
Mike,
I was asked to help out on this problem, so I created a small Pocket PC
2003 application that includes the following code:
Private Function GetWebResponse( _
ByVal ProxyName As String, _
ByVal URI As String) As Net.WebResponse
Dim Request As Net.WebRequest
Request = Net.HttpWebRequest.Create(URI)
Request.ContentType = "text/html"
Request.Proxy = New Net.WebProxy(ProxyName)
GetWebResponse = Request.GetResponse()
End Function
Using the above code, I was able to connect to https://www.verisign.com
through our proxy server here with no problems. If this code does not work
for you, could you please give me an example of a secure site you are
having problems with, so that I can test against that site? Also, how are
you specifying the name of your proxy server, etc.? Any details you can
provide would be a tremendous help.
Thank you,
Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
| |
|
|
| |
| |
| Mike |
Nathan - Thanks for helping with this. I neglected to mention that the
problem only occurrs when the proxy server requires authentication. Your
code works for me when I change the "HTTP Proxy Authentication" setting on
my proxy server to "None". But when I change it to "Required", the code
fails with the "Could not establish secure channel for SSL/TLS" message even
when I specify the correct user name and password for the Credentials
property of the WebProxy object. I know I'm doing it correctly because it
works if I just change "https:" to "http:".
Sorry I forgot to mention the part about proxy authentication earlier. Can
you change your proxy server to require authentication and try it again?
I'm using a proxy server called "Proxy+" which can be downloaded here:
http://www.proxyplus.cz
"Nathan Lewis" <Click here to reveal e-mail address> wrote in message
news:Click here to reveal e-mail address...
[Original message clipped]
|
|
|
| |
|
|
| |
| |
| Nathan Lewis (VIP) |
| Nathan - Thanks for helping with this. I neglected to mention that the
| problem only occurrs when the proxy server requires authentication. Your
| code works for me when I change the "HTTP Proxy Authentication" setting on
| my proxy server to "None". But when I change it to "Required", the code
| fails with the "Could not establish secure channel for SSL/TLS" message
even
| when I specify the correct user name and password for the Credentials
| property of the WebProxy object. I know I'm doing it correctly because it
| works if I just change "https:" to "http:".
|
| Sorry I forgot to mention the part about proxy authentication earlier.
Can
| you change your proxy server to require authentication and try it again?
| I'm using a proxy server called "Proxy+" which can be downloaded here:
| http://www.proxyplus.cz
|
Hmm... we're already behind a pretty firm firewall here, for obvious
reasons, so there's not really any way for me to set up an authenticating
proxy server. That is a pretty slick looking little program, though. I
did try it, even though I already knew it wouldn't work - and I was right.
:(
Have you tried my code *without* using authentication on the proxy server?
I'm just wondering if it's really a certificate problem, rather than an
authentication problem. You might also try creating a simple desktop
application, and see if it has the same problems. Here's a site you might
want to take a look at that has some useful sample code:
http://samples.gotdotnet.com/quickstart/howto/doc/WebRequests/clientGETwithP
roxy.aspx
I also found an interesting article on The Code Project site you might look
at. It's in C#, but it shouldn't be difficult to port to VB:
How to use HttpWebRequest and HttpWebResponse in .NET
http://www.codeproject.com/csharp/HttpWebRequest_Response.asp
Looking over these two articles, it looks to me like you might want to use
both the GlobalProxySelection and CredentialCache objects in your code, if
you aren't already. It shouldn't be too difficult to whip up a simple
test program, but I have no way of knowing whether or not it would work.
Can you try some of these ideas out and let me know how it goes?
Thank you,
Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
|
|
|
| |
|
|
| |
| |
| Mike |
As I stated, your code DOES WORK without proxy authentication.
GlobalProxySelection is a different way of specifying the proxy server. I'm
using the Proxy property of the Request object to specify the proxy server,
which works in every case except the combination of https and proxy
authentication.
MSDN Library - "The CredentialCache class stores credentials for multiple
Internet resources." I am only accessing 1 internet resource.
[Original message clipped]
|
|
|
| |
|
| |
| |
| Nathan Lewis (VIP) |
Mike,
I got hold of one of the .NET Compact Framework guys and dragged him in on
this issue. He was able to locate a suitable proxy server we could test
with, and we spent several hours working together on this. After talking
with a couple of guys from the development team, and reproducing the
problem for them, the general consensus is that this is a bug in the .NET
Compact Framework. The good news is that this problem has already been
fixed for a future release, though I do not know when that will become
available.
I'm sorry I couldn't give you better news than that. Please let me know if
there is anything further I can do.
Sincerely,
Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
|
|
|
| |
|
|
| |
| |
| Mike |
Thanks for all your help with this Nathan. My only question is, if it is a
known bug, is this bug documented somewhere? We developers should be able
to read about known bugs somewhere so that we don't knock our heads against
a wall trying to get something to work. You would also have been able to
check this list of known bugs so you wouldn't have had to spend so much time
on this.
Thanks again.
"Nathan Lewis" <Click here to reveal e-mail address> wrote in message
news:aQ3$Click here to reveal e-mail address...
[Original message clipped]
|
|
|
| |
|
| |
| |
| Nathan Lewis (VIP) |
| Thanks for all your help with this Nathan. My only question is, if it is
a
| known bug, is this bug documented somewhere? We developers should be able
| to read about known bugs somewhere so that we don't knock our heads
against
| a wall trying to get something to work. You would also have been able to
| check this list of known bugs so you wouldn't have had to spend so much
time
| on this.
|
| Thanks again.
Actually, no, it wasn't a known bug - hence all the time spent with the
NETCF developers. But it does seem as if someone noticed it and fixed it
at some point, so I guess that's good. I'll check with my team leader and
see if we can get this documented in a KB article or something.
If you have no objections, I'll go ahead and close this case. Feel free to
post any followup questions you may have, though.
Sincerely,
Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
|
|
|
| |
|
|
| |
| |
| Mike |
If somebody noticed it, then it was a known bug. Maybe they just didn't
bother to document it.
[Original message clipped]
|
|
|
| |
|
|
| |
| |
| Nathan Lewis (VIP) |
| If somebody noticed it, then it was a known bug. Maybe they just didn't
| bother to document it.
I have no idea how something this big slipped by, but I am certainly glad
that there is already a fix in the works. I sincerely apologize for the
inconvenience.
Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
|
|
|
| |
|
|
| |
| |
| Nathan Lewis (VIP) |
Mike,
Since you have expressed no objections, I will close this issue. Please
feel free to contact me directly should you have any follow-up questions
related to this issue.
Sincerely,
Nathan Lewis
Support Engineer
Developer Support - Windows Mobile & Embedded Systems
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
|
|
|
| |
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
