I am having an issue with some code that does a HttpWebRequest to get a response back from a URL.  The code does work... some times.  Most of the time is gets the response back just fine.  But on occasion I get the following error:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Any ideas?? I had read something about setting the HttpWebRequest's 'KeepAlive' property to False, which I did, but it has not permanently solved the problem.

Here is the code:

'Create an HttpWebRequest object setting the URL to post

Dim request As HttpWebRequest = CType(WebRequest.Create("https://www.test.com/ws/blahblahblah"), HttpWebRequest)

'Set the 'Method' property of the 'Webrequest' to 'POST'.

request.Method = "POST"

'Create a new string with information to POST data to the Url.

Dim postData As String = "id=" & Trim(ID) & "&sid=" & Trim(SID)

'Store data in a byte array using ASCII standard

Dim byte1 As Byte() = Encoding.ASCII.GetBytes(postData)

'Set the content type of the data being posted.

request.ContentType = "application/x-www-form-urlencoded"

'Set the content length of the string being posted.

request.ContentLength = byte1.Length

'Setting KeepAlive = false results in sending a Connection: Close header to the server.

request.KeepAlive = False

'Send the request;

'When using the POST method, you must get the request stream, write the data to be posted, and close the stream.

Dim newStream As Stream = request.GetRequestStream()

newStream.Write(byte1, 0, byte1.Length)

newStream.Close()

'Get the HTTP response, casting to a type of HttpWebResponse

Dim response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)

'Load the HTTP response into a StreamReader object

Dim sr As New StreamReader(response.GetResponseStream, UTF8)

'Read the stream returned from the response object

Dim HTMLResponse As String = Trim(sr.ReadToEnd())

'Based on the response, define the boolean variable dictating if the user is valid

If CStr(Replace(HTMLResponse, vbCrLf, "")) = "Y" Then

User = True

Else

User = False

End If

'Close the response object and StreamWriter (IMPORTANT)

response.Close()

sr.Close()

 

atconway:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Hi

It seems that site's certificate is rejected by the .NET framework's default CertificatePolicy. Here we can find some of best possible reasons why this happen, One workround is specify a custom certificate policy (less secure one) like this.

http://developers.de/blogs/damir_dobric/archive/2006/06/29/585.aspx

http://msdn2.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

Thank you for the response, I will research both of the links.  Do you have any idea though why it works some of the time and other times it does not with the code I currently have?

Hi

A possible cause is that the name in the HTTP request does not always exactly match the name for the server certificate, which results in the SSL challenge and response. To work-around this, you can implement Certificate Policy, and have it accept the certificate, so particular client could connect to this server.