Sometimes you need to interact with a site over SSL, but the site does not have a public third party certificate installed on the web server. In these cases the server may have been given an internal certificate issued from an internal network certificate server which is a free process versus going through the hoops to get a public certificate from a company such as Verisign. I've run into this scenario in several cases where the web server is not publically accessible, but still uses encrypted communications with a free internal certificate assigned (such as a development environment). The problem is that if you're posting data in code to the server over HTTP using an HttpWebRequest object you'll get an error saying that the SSL connection could not be established. By default, .NET does not allow an SSL handshake to complete with a non-public SSL certificate. You can override this in your code to allow this communication to still succeed.
If you're using Visual Studio 2005 you can use an inline delegate to allow your code to trust any certificate. Perform the following statement before executing the HttpWebRequest.GetResponse method:
System.Net.
ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) {
return true;
};
If you're using Visual Studio 2003 you can create your own custom certificate policy class which you'll set on the ServicePointManager:
public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
public bool CheckValidationResult(System.Net.ServicePoint srvPoint, System.Security.Cryptography.X509Certificates.X509Certificate certificate , System.Net.WebRequest request, int certificateProblem) {
return true;
}
}
Before calling HttpWebRequest.GetResponse, set the following:
System.Net.
ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
I found myself frequently needing to serialize data into an XML string so I could examine the format of the data to ensure it conformed to spec so I wrote a generic serialization method that will take a given object and produce its serialized XML representation. This is useful if you're creating web services and want to ensure the definition of a custom object will serialize into the interface XML format you previously defined on paper. It also helps if you just want to debug and see the format of the data that was passed as an input object to a web service. In your web service you can quickly serialize it and write it to your system log repository.
This method is compatible with .NET 2003 and 2005 and will work for any object that is serializable (to ensure your object is serializable use the Serializable() attribute on the class declaration).
using System.Text;
using System.IO;
/// <summary>
/// Takes a serializable object and serializes it to its XML string representation.
/// </summary>
/// <param name="objToSerialize">The object to be serialized. This object must be serializable or the method will fail.</param>
/// <returns>A string of XML representing the serialized version of the object.</returns>
public static string SerializeToXML(Object objToSerialize) {
System.Xml.Serialization.XmlSerializer mySerializer = null;
MemoryStream msSerializedXML = null;
try {
// Instantiate the Serializer with the type of object that is being deserialized.
mySerializer = new System.Xml.Serialization.XmlSerializer(objToSerialize.GetType());
// Serialize the object to xml
msSerializedXML = new MemoryStream();
mySerializer.Serialize(msSerializedXML, objToSerialize);
// Get XML as string
string xmlStr = System.Text.ASCIIEncoding.ASCII.GetString(msSerializedXML.ToArray());
msSerializedXML.Close();
if (xmlStr == null || xmlStr.Length == 0) {
return String.Empty;
}
return xmlStr;
}
catch (Exception ex) {
throw ex;
}
finally {
if (msSerializedXML != null) { msSerializedXML.Close(); }
}
}