2

Well i am implementing a Account Login system in my application in which i want to make sure that all the connections are secure so the user can't simply redirect the client connection to a mimicked server and gain access to the app without my permission. So here is the procedure i am imagining.

1- The HttpClient Connects to my SSL page.

2- Makes sure that the connection is secure (maybe by checking the certificate or something).

3- If the connection is secure it sends out the login credentials.

4- It receives the answer and if the account is valid it goes on, if not it terminated the connection.

So as you see my plane is very simple and i think it will be good to prevent some abusers or hacker from gaining access to my app without my permission and it relays on the powerful SSL certificate system; However, i don't know how could i implement this in real code so i really need your help illustrating how could i make sure that the HttpClient has connected to my real server using SSL and not anyone's fake server.

Daniel Eugen
  • 2,712
  • 8
  • 33
  • 56
  • So what is your problem with that plan? Unless you do some special configuration (like [ignore certificate errors](http://stackoverflow.com/questions/2675133/c-sharp-ignore-certificate-errors)) all HTTP related classes will behave exactly as you describe (when using https://... urls). – Alexei Levenkov Sep 12 '13 at 16:46
  • @AlexeiLevenkov : my problem is that i don't know how in code can i make a secure connection using HttpClient ? and verify the certificate to make sure that this is my own website not other one's... – Daniel Eugen Sep 12 '13 at 17:06

1 Answers1

0

Here is all you need - SSL certificate validity/match to domain name is checked by default.

var c = new System.Net.Http.HttpClient();
Console.Write(c.GetStringAsync("https://www.facebook.com/").Result);
Alexei Levenkov
  • 98,904
  • 14
  • 127
  • 179
  • I don't understand you, maybe because i don't understand the logic or something could i have a conversation with you for 5 minutes to better know what i am doing ?. If you don't mind – Daniel Eugen Sep 12 '13 at 17:35