Forum: PowerTCP Sockets for .NET (Secure and Standard)
Topic: Certificate Problem? Certificate is null...
jonmalda

From: burlington, ON USA
Posts: 13
Member Since: 10/01/03
posted October 15, 2003 10:00 AM

Hello:

I have duplicated the following using the EchoServer, and TcpClient C# samples provided with PowerTCP Sockets for .NET. I have set the server to use SSL, and Client Authentication is Required. 

With the Client, I choose a certificate, and connect to the Echo Server. Security is set to Auto.

In the server1_CertificateReceived event handler add the following line of code:
Console.WriteLine(e.Certificate);
Put a breakpoint on that line, and when stepping through the code, check the value of e.Certificate.... it will give you all the various properties and values of the Certificate the Server just received. So far, so good.

Now, in the server1_CertificateReceived event handler, add the following line of code:
Console.WriteLine(e.Tcp.Certificate);
Carry through with the same steps as above... you will notice that the Certificate is null.

Is this a bug? Shouldn't the Certificate of the Tcp connection be the same Certificate that the Server received in the server1_CertificateReceived event handler?

Any help would be greatly appreciated.

Thanks,
Jon
jonmalda

From: burlington, ON USA
Posts: 13
Member Since: 10/01/03
posted October 15, 2003 10:12 AM

Sorry... in the second section, the event handler should be the server1_Connection event handler. Add
Console.WriteLine(e.Tcp.Certificate);
there, and the certificate will be null.
Tony Priest



From: Utica, NY USA
Posts: 8466
Member Since: 04/11/00
posted October 15, 2003 10:56 AM

Looks like the Connection event fires first, then the Certificate. If you want to view the cert, I'd use the Certificate event.
jonmalda

From: burlington, ON USA
Posts: 13
Member Since: 10/01/03
posted October 15, 2003 1:04 PM

Hi Tony,

Thanks for the prompt reply. When you step through the code, you will notice that the server1_CertificateReceived event fires before the server1_Connection event. If the args.Accept is set to true in the server1_CertificateReceived event, then a connection is allowed, and the server1_Connection event will fire.

Indeed, I can view the Certificate in the server1_CertificateReceived event (and I do). However, at that point in time, the socket connection has not yet been created (the CertificateReceived event is determining whether to make the connection or not). I need to be able to associate a Certificate with a socket connection. Thus, I need to be able to access the Certificate once the socket connection has been made, because our Certificate Subject contains specific information regarding who the user is on the particular connection.

I have tried accessing the Certificate in the server1_Connection event, as well as in the Tcp.EndReceive event on the server side. Both times the Certificate is null. If a Certificate is used when making a connection, then shouldn't I be able to access that Certificate once the connection has been made?

Back to the original question... Is this a bug, or am I doing something wrong? Perhaps missing some setting / property that will allow me to access the Certificate once the connection has been made...

Any other ideas?

Thanks,
Jon
Tony Priest



From: Utica, NY USA
Posts: 8466
Member Since: 04/11/00
posted October 15, 2003 1:52 PM

I apologize for the confusion as I overlooked the word "ClientAuthentication" in your original post.

Tcp.Certificate is the certificate that was assigned locally. In the case of a server, this would be the same certificate that you assigned to the Server.Certificate property.

The only way to get the client certificate data is in the CertificateReceived event.

jonmalda

From: burlington, ON USA
Posts: 13
Member Since: 10/01/03
posted October 15, 2003 3:39 PM

Hi Tony:

So you're telling me there is no way to get at the remote client certificate once the connection has been made? Surely I am not the only person who needs this type of functionality...

The previous version of the Dart Ctrls (the non .NET version) allowed us to access the Certificate at the connection level through the Tcp.Authenticate event... (which I understand handled things a little differently).

Anyways... I am now stuck... the only way I can think of associating Remote Certificates with socket connections, is adding Accepted Certificates to a Queue (from the server_CertificateReceived event), and then taking them off of the Queue at the server_Connection event. I don't have much faith in the robustness of that approach under a lot of traffic / connection requests.

Any ideas, or suggestions would be greatly appreciated.

Thanks,
Jon
Tony Priest



From: Utica, NY USA
Posts: 8466
Member Since: 04/11/00
posted October 15, 2003 3:48 PM

You're the first to bring it up. However you can still do what you want. We provided the tag property so that you could assign objects to the control. In the CertificateReceived event you should be able to say:

e.tcp.tag = RemoteCertificate

Then later you can dereference the tag.

jonmalda

From: burlington, ON USA
Posts: 13
Member Since: 10/01/03
posted October 15, 2003 4:07 PM

Hi Tony,

The CertificateReceived event handler accepts the CertificateReceivedEventArgs as one of the parameters. CertificateReceivedEventArgs "e" only has the following properties:
e.Accept
e.Certificate
e.TrustedRoot
e.ValidDate
e.ValidName
I have no access to the Tcp object in the CertificateReceived because the connection hasn't been made yet.

The server.Connection event handler accepts ConnectionEventArgs as one of the parameters... it provides access to the Tcp.Tag property... but alas, the RemoteCertificate is not available in the Connection event. I would have to at that point pull it off of my Queue and set the Tag property... but I am hoping I can get away from the whole Queue solution if possible.

Any other ideas on how to skin this cat... ?

Thanks,
Jon


Tony Priest



From: Utica, NY USA
Posts: 8466
Member Since: 04/11/00
posted October 15, 2003 4:22 PM

Contact our sales department to find out what it will take to get the feature you want added. They can be reached at sales@dart.com or by phone at 315-790-5456.
pknapp

From: North Vancouver, BC Canada
Posts: 2
Member Since: 10/15/03
posted October 15, 2003 4:59 PM

Hi Tony:

I'm involved in this project with Jon. What we need is the ability to 1) determine that a certificate is valid and find out who the person is from the certificate and then 2) communicate with them through the connection once established.

Part 1 can be handled just fine during the CertificateReceived event. We could even store the certificate (or just the relevant contents) during this event, but later when the connection is established we don't see any way to relate the now established connection back to the credentials supplied to authenticate the connection.

Essentially this means we have anonymous connections. We need to know who each connection is with. Is there a tag or reference which we can grab during certificate checking which we can later match up during the connection received, or can we supply a tag during certificate checking which we could retrieve from the tcp object during the connection received to allow us to put a 'who' to the connections?

Regards
Paul
Tony Priest



From: Utica, NY USA
Posts: 8466
Member Since: 04/11/00
posted October 15, 2003 5:19 PM

Actually you just made me look at it from a different angle. I think I have a way to do it. Use the sender parameter in conjunction with 'e':

  Private Sub server1_CertificateReceived(ByVal sender As System.Object, ByVal e As Dart.PowerTCP.SslSockets.CertificateReceivedEventArgs) Handles server1.CertificateReceived

    If (e.Accept = True) Then
      sender.Tag = e.Certificate
    End If
  End Sub

This way e.Tcp.Tag will be filled in when the Connection event fires.


pknapp

From: North Vancouver, BC Canada
Posts: 2
Member Since: 10/15/03
posted October 15, 2003 5:47 PM

Hi Tony:

But sender doesn't have a TAG property...

Paul
Tony Priest



From: Utica, NY USA
Posts: 8466
Member Since: 04/11/00
posted October 15, 2003 6:58 PM

Yes it does. It's a Tcp object. I just tried it and it worked fine.

You're probably confused because you don't "see" the property when you type. That's because VS has no idea what the object is unless it's runtime.
jonmalda

From: burlington, ON USA
Posts: 13
Member Since: 10/01/03
posted October 16, 2003 10:34 AM

Hi Tony:

Not sure how \ why there would be any differences in the Dart Ctrls when using C# or VB.net, (I am using C#) but the sender object in the server CertificateReceived event is a Dart.PowerTCP.SslSockets.SslStream object, not a Dart.PowerTCP.SslSockets.Tcp object.

The SslStream object does not provide any reference to the Tcp object from what I can tell.

I have no idea how your code example could work. I've tried the equivalent in C#, by casting the object to a Tcp object, and then setting the Tag property to "test".

((Dart.PowerTCP.SslSockets.Tcp) sender).Tag = "test";

I get a "Specified cast is not valid." error message every time... because the sender is not a Tcp object, but a SslStream object.

Jon
K M Drake



From: Utica, NY USA
Posts: 3406
Member Since: 07/14/00
posted October 16, 2003 11:05 AM

Hi,
The following worked fine for me.
-ken

Tcp tcp = (Tcp)sender;
tcp.Tag = e.Certificate;
Tony Priest



From: Utica, NY USA
Posts: 8466
Member Since: 04/11/00
posted October 16, 2003 11:06 AM

I see what's going on now. Our internal version has changes that have not been released yet. We added the SecureProtocol property to get rid of the need to create an SslStream.

In order to do what you want, you'll have to get a beta version of the latest and rewrite the affected portions of your code.

Please contact our sales department to request the beta. As soon as they approve, I'll send it to you.
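
Added illustration (not part of any post above, and not Dart sample code): a small C# model of why the queue idea from the thread can attach the wrong certificate subject to a connection, compared with storing the certificate under the per-connection object as the sender/Tag suggestion does. The event trace, connection ids and subjects are constructed, and the assumption that handshakes can overlap or fail after acceptance is the model's, not observed PowerTCP behaviour.

```csharp
using System;
using System.Collections.Generic;

static class CertBindingDemo
{
    // One server-side event: which handshake it belongs to, the event name,
    // and the certificate subject when the event is CertificateReceived.
    record Ev(int Conn, string Kind, string Subject = null);

    // Constructed trace: three clients handshake at once. Conn 2 is accepted
    // but drops before Connection fires; conn 3 completes before conn 1.
    static readonly Ev[] Trace =
    {
        new(1, "CertificateReceived", "CN=alice"),
        new(2, "CertificateReceived", "CN=bob"),
        new(3, "CertificateReceived", "CN=carol"),
        new(3, "Connection"),
        new(1, "Connection"),
    };

    // Queue approach from the thread: enqueue on accept, dequeue on Connection.
    static Dictionary<int, string> BindWithQueue(IEnumerable<Ev> trace)
    {
        var pending = new Queue<string>();
        var bound = new Dictionary<int, string>();
        foreach (var ev in trace)
            if (ev.Kind == "CertificateReceived") pending.Enqueue(ev.Subject);
            else bound[ev.Conn] = pending.Dequeue();
        return bound;
    }

    // Keyed approach: the subject is stored under the per-connection object
    // (modelled here by the Conn id), so ordering and dropped handshakes do not matter.
    static Dictionary<int, string> BindWithKey(IEnumerable<Ev> trace)
    {
        var pending = new Dictionary<int, string>();
        var bound = new Dictionary<int, string>();
        foreach (var ev in trace)
            if (ev.Kind == "CertificateReceived") pending[ev.Conn] = ev.Subject;
            else if (pending.Remove(ev.Conn, out var subject)) bound[ev.Conn] = subject;
        return bound;
    }

    static void Main()
    {
        foreach (var (name, map) in new[] { ("queue", BindWithQueue(Trace)), ("keyed", BindWithKey(Trace)) })
            foreach (var kv in map)
                Console.WriteLine($"{name}: connection {kv.Key} -> {kv.Value}");
    }
}
```

With this trace the queue version attributes carol's connection to alice and alice's to bob, while the keyed version binds each connection to its own subject and discards the entry for the handshake that never connected.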
