HttpWebRequest with client certificate fails

Sorry for posting this question twice, but the forum software seems to have killed my previous posting…

I am using Visual Studio Mac (latest version) to build an iOS app, and it needs to fetch data from an IIS server (version 10) with a GET request and by passing a client certificate.

Unfortunately the IIS answers with an RST packet and shows the error:
"The I/O operation has been aborted because of either a thread exit or an application request."

I know apple uses ATS (I am using iOS 10.3.3).

I guess this has something to do with the client certificate and IIS not accepting it.

Can someone point me to a different Mono API where I can append the client cert to a GET request?

My code so far is as follows (with request.GetResponse() waiting until timeout...):

    // Collection holding the client certificate to present during the TLS handshake
    X509Certificate2Collection certificates = new X509Certificate2Collection (certificate);

    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(this.uriString);
    request.ClientCertificates = certificates;

    request.Method = "GET";
    request.ContentType = "application/json";
    request.Accept = "application/json";
    request.UserAgent = UserAgentString;
    request.KeepAlive = false;
    request.ProtocolVersion = HttpVersion.Version11;

    // GetResponse() blocks here until the timeout.
    // The response and its stream are disposed when this using block exits.
    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse ())
    {
        this.webResponse = response;
        stream = response.GetResponseStream ();
    }

Can that be a TLS 1.2 problem? IIS 10 not accepting cert with TLS 1.2?

Additional observations:

IIS (Version 10 on Windows 2016) is configured for https (TLS 1.2). ATS is disabled as far as possible:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

We found out that our GET request is only passed through to our binaries (our .dll) when in IIS Manager the SSL Settings for client certificate is set to "Ignore". Obviously the client certificate our binaries need internally is swallowed by IIS then. When setting "client certificate" to "Accept" the GET request is not passed through and does not reach our binaries.

Here you see in the failed request log, it's always "internal server error":

    failedRequest url="staubzeh.geh.ins.local:443/XXX/v1/List" siteId="1" appPoolId="ThinPrint Mobile Print" processId="5048" verb="GET" authenticationType="NOT_AVAILABLE" activityId="{800000C6-0000-F700-B63F-84710C7967BB}" failureReason="STATUS_CODE" statusCode="500" triggerStatusCode="500" timeTaken="124328" xmlns:freb="schemas.microsoft.com/win/2006/06/iis/freb"


Answers

  • RobertWelz US Member

    Why is my comment I posted several times during the last 3 days not shown? My fault or the forum software?
