How can I direct a Compact Framework client to accept the results of an SSL REST method which uses a self-signed certificate?

Question

0.00/5 (No votes)

See more:

I have a handheld client (.NET 3.5, Compact Framework, Platform == Windows CE) which needs to call some REST methods. The server is using ssl. I can access the remote machine from the handheld, but it won't return any data because of its ssl-ness and not trusting the client.

Based on some of the comments I got when asking a question here http://stackoverflow.com/questions/27642714/how-can-i-establish-a-secure-channel-for-ssl-tls-from-a-handheld-device[^](and the links that accompany them), I was thinking I needed to add this within my code:

C#

ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

...in some context, my client code would supposedly be:

C#

public static HttpWebRequest SendHTTPRequestNoCredentials(string uri, HttpMethods method, string data, string contentType)
{
    ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
    WebRequest request = null;
    try
    {
        request = WebRequest.Create(uri);

...but, although this is a .NET 3.5 client app, and, according to this http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback(v=vs.90).aspx, ServerCertificateValidationCallback is supposedly available in 3.5, "ServerCertificateValidationCallback" is not available to me ("ServerCertificateValidationCallback" becomes redder than Marx and Lenin combined, and I get "cannot resolve symbol" in the IDE). It seems the symbol lives in the System.Net assembly, but attempts to add a reference to System.Net to my project are futile, as there is no such assembly available via Add References on the .NET tab. The alphabetically-ordered list goes from "System.Messaging" to "System.Net.Irda"

I reckon my inabililty to add System.Net is because this is a feature-poor Compact Framework project, which does not contain such.

Assuming this is so (Compact Framework is the "culprit" because it does not contain ServerCertificateValidationCallback), what is the workaround for this scenario? How can I have my client handheld app accept the self-signed ssl certificate on the server (REST app running on a local network)?

Should I check/tick either or both of the following in Control Panel > Programs > Turn Windows features on or off > Internet Information Services > World Wide Web Service > Security:

HTML

Client Certificate Mapping Authentication
IIS Client Certificate Mapping Authentication

?

Posted 29-Dec-14 7:04am

B. Clay Shannon

Updated 29-Dec-14 8:05am

v3

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)