• How does Story start?

We have a stupid website with secure web session to let user access resource. The key point is that the normal technology couldn’t be applied for such case, as there must be a logging-on web UI to fetch ajax authentication key[actually SSO keystore]. With such key in client session[cookies], you can access your target resources with “HTTP-Get”, and the target resource is downloading in Http attachment.

Why “stupid”?

  1. For normal https-surrounding server, there should be API-accessing way for different language[if needed] with keystores generation logic embedded.  For instance, for java client, the API of securityFacotry should generate keystores, and guarateen accessing way. – However, for .Net, it doesn’t exist unfortunately. My personal idea : such API library should be “one-must” for Clould based-application.
  2. Such web resources depends on ajax technology to send out attachment to “HTTP-GET” client accessing, However, it will be a common case for Customer/Parnter to access such report directly. So let’s say is it possible that Adobe will close up its free API of generation of PDF. Obviously not. My personal idea : Web-service/Restful API is required for such report-accessing way, so https authentication or SSO preparation will be re-requisitie for accessing configuration. =>Application = [Authentication] + [API Loigc], with indepent logic seems better philosophy.

Current logging-on Scenario, Architect as following :

  • Our case : Without Client API via simplest way, and HttpWebRequest will just fetch static web html, Not target xml file.
  • The best solution : I worked out Client API with certificate generation storage inside, and web resource will be attached in Web Serivce/Restful API.

Question back : How-to work out Client API to access web resource?My idea is that to automate the procedure in Web Browser.

Key points :

  1. Host IE Control with proxy in Windows Form Application.
  2. Using DOM documentation inside WebBrowser Item, to trigger logging-on Actions.
  3. Customized IDownloadManager API to download attachment into local.
  4. Error-Handling
  • Site/Proxy isn’t available
  • Logging-on error, which could be parsed via DOM documentation

Application design details will be attached later, WILL FOCUS ON -> IDownloadManager, WebBrowser DOM, etc.

List Reference as follow: [Some interesting topic includes]

  1. Tutrials – Walkthrough: Creating Custom Client and Service Credentials MSDN – Certificate Validation Differences Between HTTPS, SSL over TCP, and SOAP Security
    How to: Create a Custom Token Certificate Validation Differences Between HTTPS, SSL over TCP, and SOAP Security
  2. MSDN API  – MSDN API – ServicePoint.ClientCertificate Property   MSND API – ServicePoint Class
    MSDN API – ServicePointManager.ServerCertificateValidationCallback Property  MSDN API – ServicePointManager.CertificatePolicy Property                                                                                               SSL(https) service callback Error
  3. Additional Reference – Chapter 17 — Tuning .NET Application Performance MSDN – Chapter 10 – Building Secure ASP.NET Pages and Controls