开发者

how to query a https secured url with .net like https://example.com/send.aspx?msg=hi

开发者 https://www.devze.com 2023-01-24 17:27 出处:网络
I searched SO and google and saw only problems while doing this, unfortunately for me, my url is part o开发者_开发问答f a Banks text message system and all I\'ve got is the secured url. I have to writ

I searched SO and google and saw only problems while doing this, unfortunately for me, my url is part o开发者_开发问答f a Banks text message system and all I've got is the secured url. I have to write a test to push a message through but since Im not connected to the banks LAN I cannot test or do any sort of trail and error.

Url looks like this:

https://example.com/send.aspx?msg=hi

I'm using a windows forms .net4 application in C#.

How do I POST with the above url using WebClient, or is there another way.

I figure from other answers I need a certificate from the bank guys or are there options to refuse to use encryption.


Update Awesome, thanks to Eugene Im almost there. I used web client, like this answer it didn't work. I changed my code to this and it worked:

static void Main(string[] args)
{
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(allowCert);
    string url = "https://example.com/send.aspx?msg=hi";
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
    HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    Stream resStream = response.GetResponseStream();
    StreamReader st = new StreamReader(resStream);
    Console.WriteLine(st.ReadToEnd());
    Console.ReadKey();
}

static bool allowCert(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
    return true;
}

Bonus points now for why it worked this way and what is this code doing?(It is saying "I don't care what the cert is allow it")


IF the above is all that you have been given, then you don't need POST. Such request is performed using GET method (described here). You put the message in place of "hi" in your sample. Remember, that you need to encode the message text to "mask" any "unsafe" characters which can be misinterpreted. The best is to replace any non-alphanumeric character with it's hex code in %xx form, where xx are two digits of the hex code.


It's not readily apparent what you are asking for in the update to your question.

HttpWebRequest is there specifically to allow you to make GET/POST/PUT/etc requests to a remote server.

The callback to allowCert is simply telling .Net to not bother validating the certificate chain. There are several reasons why a certificate won't validate including it being out of date, or if one of the certs in the chain is out of date. Another reason is if the certificate authority isn't trusted by the machine making the call. Which is entirely possible if the bank issued their own cert without using a well known CA to back it.

Personally I wouldn't trust a cert that couldn't be validated. If this is purely for testing it ought to be ok; however, if this is a production cert then I'd start talking to the bank about it. Unfortunately a lot of banks don't seem to understand security.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号