How to invoke https service protected by self-signed certificate from azure app service

When we use Azure Web App, we usually need to invoke an outside service. To protect that service, many companies secure it with https. When we do local testing, however, the service is often protected by a self-signed certificate. Normally we would just add the service's certificate to the trusted list before invoking the https service. Unfortunately, Web App does not give us administrator privileges, so high-privilege operations like that cannot be executed. What shall we do? Here I will show you how to change the verification rules of the certificate instead.

Steps:

  1. Export the certificate of the https service as shown below:
  2. Put the downloaded certificate into a folder of your web app project.
  3. Use ServicePointManager.ServerCertificateValidationCallback to hook the verification of the server certificate: compare the certificate the server presents with the local copy, or simply return true.
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Mvc;
using System.Web.Optimization;
using System.Web.Routing;

public class MvcApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);

        // You can change the verification rules here; the callback is invoked whenever
        // the server certificate needs to be verified. The "certificate" parameter is the
        // certificate presented by the server: compare it with the local certificate or
        // just return true.
        ServicePointManager.ServerCertificateValidationCallback += (
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors) =>
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                return true;
            }
            else
            {
                //return false;
                // Load the certificate exported in step 1 from the web app folder
                String appPath = AppDomain.CurrentDomain.BaseDirectory;
                string certPath = appPath + "Cer\\12306.cer";
                var myGoodCert = X509Certificate.CreateFromCertFile(certPath);
                Console.WriteLine(myGoodCert.Equals(certificate));
                return myGoodCert.Equals(certificate); // compares issuer and serial number
            }
        };
    }
}
  4. Now when you invoke the https service from your web app, the verification callback is invoked automatically. If verification fails, you will see the errors; if it succeeds, the service response is returned.
using System;
using System.IO;
using System.Net;
using System.Text;

private string DoHttps()
{
    // Create a request using a URL that can receive a post.
    WebRequest request = WebRequest.Create("https://www.nethappy.cf/");
    // Set the Method property of the request to POST.
    request.Method = "POST";
    // Create POST data and convert it to a byte array.
    string postData = "This is a test that posts this string to a Web server.";
    byte[] byteArray = Encoding.UTF8.GetBytes(postData);
    // Set the ContentType property of the WebRequest.
    request.ContentType = "application/x-www-form-urlencoded";
    // Set the ContentLength property of the WebRequest.
    request.ContentLength = byteArray.Length;
    // Get the request stream.
    Stream dataStream = request.GetRequestStream();
    // Write the data to the request stream.
    dataStream.Write(byteArray, 0, byteArray.Length);
    // Close the Stream object.
    dataStream.Close();
    // Get the response. The ServerCertificateValidationCallback registered in
    // Application_Start runs during the TLS handshake of this call.
    WebResponse response = request.GetResponse();
    // Display the status.
    Console.WriteLine(((HttpWebResponse)response).StatusDescription);
    // Get the stream containing content returned by the server.
    dataStream = response.GetResponseStream();
    // Open the stream using a StreamReader for easy access.
    StreamReader reader = new StreamReader(dataStream);
    // Read the content.
    string responseFromServer = reader.ReadToEnd();
    // Display the content.
    Console.WriteLine(responseFromServer);
    // Clean up the streams.
    reader.Close();
    dataStream.Close();
    response.Close();
    return responseFromServer;
}
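The callback in step 3 accepts the server certificate whenever X509Certificate.Equals reports a match, which only compares issuer and serial number, and it does so for every outbound https connection in the process. The following is an added example, not code from the original post: it pins the SHA-256 hash of the exported certificate's DER bytes, only tolerates chain errors (the self-signed case) for one named host, still rejects name mismatches and missing certificates, and can be installed either process-wide through ServicePointManager as the post does or per client through HttpClientHandler.ServerCertificateCustomValidationCallback (available in .NET Framework 4.7.1 and later and in .NET Core). The class and method names, the host name, and the PinnedSha256 placeholder are assumptions; the pin value is whatever PinOf returns for the certificate exported in step 1.

```csharp
// Added example (not from the original post): pin a self-signed server certificate
// by the SHA-256 hash of its DER encoding and accept it only for one host.
using System;
using System.Net;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertValidator
{
    // Hypothetical host and placeholder pin: replace with the host of your service
    // and the value PinOf() returns for the certificate you exported in step 1.
    private const string PinnedHost = "localtest.example.internal";
    private const string PinnedSha256 = "<SHA-256 HEX OF EXPORTED CERTIFICATE>";

    // Hex-encoded SHA-256 over the DER bytes of the certificate.
    public static string PinOf(X509Certificate cert)
    {
        using (var sha = SHA256.Create())
        {
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
        }
    }

    // Decide whether the certificate presented for `host` is acceptable.
    public static bool Validate(string host, X509Certificate certificate, SslPolicyErrors errors)
    {
        // A chain that validates against the machine trust store is accepted as usual.
        if (errors == SslPolicyErrors.None)
            return true;

        // Only the "untrusted chain" error is tolerated, and only with a certificate
        // present; a name mismatch or a missing certificate is never accepted.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || certificate == null)
            return false;

        // The exception applies to the pinned host only, never to every outbound call.
        if (!string.Equals(host, PinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Compare the full certificate hash rather than issuer + serial number.
        return string.Equals(PinOf(certificate), PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    // Process-wide hook, as in the post. For HttpWebRequest callers the sender is the
    // request itself, so the target host can be read from its RequestUri; any other
    // caller is refused because the host cannot be determined.
    public static void InstallGlobal()
    {
        ServicePointManager.ServerCertificateValidationCallback +=
            (sender, certificate, chain, errors) =>
            {
                var request = sender as HttpWebRequest;
                if (request == null)
                    return errors == SslPolicyErrors.None;
                return Validate(request.RequestUri.Host, certificate, errors);
            };
    }

    // Per-client alternative (assumes .NET Framework 4.7.1+ or .NET Core): the relaxed
    // rule is scoped to this HttpClient instead of the whole process.
    public static HttpClient CreatePinnedClient()
    {
        var handler = new HttpClientHandler();
        handler.ServerCertificateCustomValidationCallback =
            (request, certificate, chain, errors) =>
                Validate(request.RequestUri.Host, certificate, errors);
        return new HttpClient(handler);
    }
}
```

To obtain the pin, load the exported file once with X509Certificate.CreateFromCertFile and log PinOf(cert); store that value in configuration rather than in source so the pin can be rotated with the certificate. When the certificate is renewed the hash changes and connections fail closed, which is the intended behaviour of pinning.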

Summary:

Because we do not have administrator privileges in App Service, we change the verification logic on the client side instead when we invoke an https service protected by a self-signed certificate.
