I would like to implement a HTTPS connection for my rest webservice. The HTTP version works as well, but when i try to connect over HTTPS and send a XML file or something else, It already fails when establishing the connection via https. Has someone an idea what i can change to test it over https?
What I have tried:
using System;
using Owin;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;
[assembly: OwinStartup(typeof(SimuXmlDcs.MsiWebServer.Startup))]
namespace SimuXmlDcs.MsiWebServer
{
using System.Configuration;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Web.Http;
using Microsoft.Owin.Security;
using Newtonsoft.Json;
using SimuXmlDcs.MsiWebServer.App_Start;
using SimuXmlDcs.MsiWebServer.Controllers;
public class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureOAuth(app);
HttpConfiguration config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(name: "SystemAction", routeTemplate: "api/{controller}/{system}/{action}", defaults: new { action = RouteParameter.Optional });
config.Routes.MapHttpRoute(name: "System", routeTemplate: "api/{controller}/{system}");
config.Routes.MapHttpRoute(name: "Info", routeTemplate: "api/{controller}");
config.IncludeErrorDetailPolicy = IncludeErrorDetailPolicy.Always;
config.Formatters.XmlFormatter.UseXmlSerializer = true;
app.UseWebApi(config);
}
private static bool VerifyClientCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
private void ConfigureOAuth(IAppBuilder app)
{
int timeSpan;
AppSettingsReader asr = new AppSettingsReader();
int.TryParse(asr.GetValue("TokenExpireInMinutes", typeof(string)).ToString(), out timeSpan);
app.UseOAuthAuthorizationServer(
new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = !MsiRestServer.UseHttps,
TokenEndpointPath = new PathString("/api/getsecuretoken"),
AccessTokenExpireTimeSpan = timeSpan != 0 ? TimeSpan.FromMinutes(timeSpan) : TimeSpan.FromDays(1),
Provider = new AuthorizationServerProvider(),
ApplicationCanDisplayErrors = true
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
}
<pre>namespace SimuXmlDcs.MsiWebServer.App_Start
{
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;
using SimuXmlDcs.MsiWebServer.Models;
public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
if (context.Password != "password")
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Role, RoleName.Admin));
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
context.Validated(new AuthenticationTicket(identity, new AuthenticationProperties { }));
}
}
}
namespace SimuXmlDcs.MsiWebServer
{
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows;
using log4net;
using Microsoft.Owin.Hosting;
public static class MsiRestServer
{
private static readonly ILog logger = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
private static Thread msiWebServer;
private static bool endServer = false;
public static bool UseHttps { get; set; }
public static string BaseAddress { get; set; } = "https://test2234:8443";
public static void StartupServer()
{
Thread.Sleep(200);
endServer = false;
msiWebServer = new Thread(ServerThread);
msiWebServer.Start();
}
public static void StopServer()
{
endServer = true;
}
private static void ServerThread()
{
try
{
Uri tstAddress = new Uri(BaseAddress);
using (WebApp.Start<Startup>(url: BaseAddress))
{
while (!endServer)
{
Thread.Sleep(250);
}
}
}
catch (Exception ex)
{
logger.Error(ex);
MessageBox.Show(ex.Message);
}
}
}
}