
Using XML RPC with Https Protocol in VB.NET Applications

In the first part of this tutorial we explained the concept of XML-RPC. We also gave a detailed example that shows how to use it from a VB.NET application. You may recall that one of the strongest points of XML-RPC technology is that it communicates over the widely used HTTP or HTTPS protocol.

In the first part of this tutorial we used the HTTP protocol. In this part we will show you how to use the HTTPS protocol for the same purpose.

What Is HTTP?

To define HTTPS we first need to define HTTP. HTTP is a text-based communication protocol used to transfer data over the internet and intranets. Its main purpose is to publish and retrieve hypertext pages. HTTP is a request/response protocol between a client and a server.

What Is the Problem With HTTP?

The problem is that HTTP is not secured. It uses plain text in the communication between the client and the server. We cannot prevent anyone from getting the transferred information, especially when a wireless communication medium is used. Anyone can intercept the transferred packets of data and extract whatever information he needs from them. Sometimes the transferred data is valuable and the data owner needs to secure it from intruders. In this scenario HTTPS is used.

What Is HTTPS?

HTTPS is a secured text transfer protocol based on HTTP. HTTPS adds an additional layer above HTTP. This layer is responsible for securing the transferred data. This is done by encrypting the transferred data and decrypting it on the other side of the communication. So HTTPS is not a separate protocol; it is a combination of HTTP interaction over an encrypted Secure Sockets Layer (SSL). HTTPS makes use of something called a 'certificate' to do the encryption and decryption that secure the transferred data from man-in-the-middle attacks.

Digital Certificate

A digital certificate is an electronic document that contains a digital signature, consisting of a public key and identity information of the certificate issuer. This certificate or document is used as a trusted signature between the server and the client in secured XML-RPC communication.

Assume the following scenario. Some individual (X) asks you to develop a program that makes use of some functions available on his machine, which will act as a server. He needs you to access these functions from the program developed on your machine (the client). He needs this communication to be secured because he transfers payment information.

To fulfill the above scenario you need to use XML-RPC technology along with the HTTPS communication protocol. To make this work you will need (X) to issue a certificate for you. The certificate will be a kind of electronic file with a special extension. You will add this certificate to your system (the client) by using MS Internet Explorer. Then you will refer to this certificate from within your program. The certificate in this case acts as a way to make the server machine trust your calls and answer them. You may think of it as a way of authentication.

How to Add a Certificate to Your System?

After getting the certificate file, open up MS Internet Explorer. Choose 'Tools\Internet Options...'. The 'Internet Options' dialog box will appear as in the following figure.


Figure 1 - Internet Options Dialog Box

Choose the 'Content' Tab from the dialog. Under the 'Certificates' section click the button called 'Certificates' as shown in the above figure. When you click this button the following figure will appear.


Figure 2 - Certificates Dialog Box

Click the 'Import...' button. The certificate import wizard will appear as shown in the following figure. Complete the steps to add the new certificate to your Windows certificate store.


Figure 3 - Certificate Import Wizard

Now the certificate is ready to be used from your code to open a secure protected communication between your application and the server.

Example of using XML RPC with HTTPS

We will use the same example we used in the first part of this tutorial. We will add some new lines of code to carry out the communication using Https instead of Http.

To download the old example along with the new additions just click here.

Open up your Visual Studio. Open 'Example1' found in the first part of this tutorial. Open 'Form1.vb' code file. Add the following namespaces to your code file by importing them at the top of it as shown below.

Imports System.Security.Cryptography
Imports System.Security.Permissions
Imports System.IO
Imports System.Security.Cryptography.X509Certificates

The first namespace provides cryptographic services such as secure encoding and decoding of data, hashing, random number generation, and message authentication. The second namespace defines a set of classes used to control access to operations and resources based on policy. The third namespace allows reading from and writing to files and data streams. The last namespace contains types and implementations of certificate collections.

Add the following subroutine to the 'Form1' class as shown below.

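Public Sub SecureTheConnection()
    Dim CertStore As X509Store = Nothing
    Try
        CertStore = New X509Store("Root", _
        StoreLocation.CurrentUser)
        ' Open the store read-only; fail if it does not already exist
        CertStore.Open(OpenFlags.ReadOnly Or _
        OpenFlags.OpenExistingOnly)
        ' All certificates currently held in the store
        Dim CertCollection As X509Certificate2Collection
        CertCollection = CType(CertStore.Certificates, _
        X509Certificate2Collection)
        ' Keep only the certificates that are valid at the current time
        Dim CertCollection2 As X509Certificate2Collection
        CertCollection2 = CType(CertCollection.Find( _
        X509FindType.FindByTimeValid, DateTime.Now, True), _
        X509Certificate2Collection)
        ' Offer each remaining certificate to the XML-RPC client protocol
        Dim i As Integer
        For i = 0 To CertCollection2.Count - 1
            ClientProtocol.ClientCertificates.Add(CertCollection2(i))
        Next
    Catch ex As Exception
        ' Report the failure instead of silently continuing without a certificate
        MessageBox.Show("Could not load certificates: " & ex.Message)
    Finally
        ' Release the store handle whether or not loading succeeded
        If CertStore IsNot Nothing Then CertStore.Close()
    End Try
End Sub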

The general purpose of this subroutine is to make our certificate available to the XML-RPC client protocol so that it can provide secured data transmission.

In lines 4 and 5 we create a handle to the physical certificate store in the system, where certificates are persisted and managed. We choose the root certificate store of the current user.

After that we open this store for read only purposes.

Next we define a collection that holds X.509 certificates, which is the kind of certificate we need in our program to carry out the secured communication.

In the next step we assign the 'Certificates' property, which returns the collection of certificates located in the X.509 certificate store of the current system, to the new collection. We explicitly convert its type to 'X509Certificate2Collection' by using the 'CType' function.

Then we define another variable of type 'X509Certificate2Collection'. We use the 'Find' method of the first collection, 'CertCollection', to search the collection using the specified criteria and assign the resulting sub-collection to the second collection, 'CertCollection2'. The specified criteria match only valid, unexpired certificates.

We use a 'For .. Next' loop to add the certificates of the 'CertCollection2' collection to the certificates section of the XML-RPC client protocol. In this case the Windows system will pick up the required certificate according to the running application and the requesting server.

Finally, add a call to the 'SecureTheConnection' method at the end of the 'Form1_Load' event handler and run the program.
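
The subroutine above offers every valid certificate in the chosen store to the server. The following added example (not part of the original tutorial) selects exactly one certificate by thumbprint and checks that it has a private key, which the client needs in order to prove ownership of the certificate. The personal ("My") store, the placeholder thumbprint and the names 'FindClientCertificate' and 'ExpectedThumbprint' are assumptions; use the store your certificate was actually imported into.

```vbnet
Imports System
Imports System.Security.Cryptography.X509Certificates

Module ClientCertificateSelection
    ' Placeholder (assumption): thumbprint of the certificate issued to you
    Private Const ExpectedThumbprint As String = "<CLIENT-CERTIFICATE-THUMBPRINT>"

    ' Returns the one certificate to present, or throws so the caller fails closed
    Public Function FindClientCertificate(ByVal thumbprint As String) As X509Certificate2
        ' Personal ("My") store: the conventional place for a user's own certificates
        Dim store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
        Try
            store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)
            ' validOnly:=True returns only certificates Windows considers valid
            Dim matches As X509Certificate2Collection = _
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, True)
            If matches.Count <> 1 Then
                Throw New InvalidOperationException( _
                    "Expected exactly one valid certificate, found " & matches.Count.ToString())
            End If
            Dim cert As X509Certificate2 = matches(0)
            ' Without the private key the client cannot prove it owns the certificate
            If Not cert.HasPrivateKey Then
                Throw New InvalidOperationException("Certificate has no private key")
            End If
            Return cert
        Finally
            store.Close()
        End Try
    End Function

    Sub Main()
        Try
            Dim cert As X509Certificate2 = FindClientCertificate(ExpectedThumbprint)
            Console.WriteLine("Would present: " & cert.Subject)
            ' In Form1, this single call replaces the For .. Next loop:
            ' ClientProtocol.ClientCertificates.Add(cert)
        Catch ex As Exception
            Console.WriteLine("No usable client certificate: " & ex.Message)
        End Try
    End Sub
End Module
```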

For further information

Refer to the online copy of Microsoft Developers Network at http://msdn.microsoft.com or use your own local copy of MSDN.

