The following forum(s) have migrated to Microsoft Q&A (Preview): Developing Universal Windows apps!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
SSL Pinning for Windows Phone 8 Application RRS feed

  • Question

  • How do I validate  certificate  using  SSL pinning or certificate validation  from a Windows Phone 8 Application?

    Any namespace available to implement SSL pinning.

    Friday, August 8, 2014 5:45 AM

Answers

  • HttpClient offers the Server Certificate in the transport connection information.  You could use that!

    You would make a call to the site and use the request message TransportInformation

    http://msdn.microsoft.com/en-US/library/windows/apps/xaml/windows.web.http.httprequestmessage

    http://msdn.microsoft.com/en-US/library/windows/apps/xaml/windows.web.http.httprequestmessage.transportinformation

    Inspect that object in the debugger and you will see the great stuff you can get from it.

    Here is a broader overview of HttpClient

    http://channel9.msdn.com/Events/Build/2013/4-092


    Jeff Sanders (MSFT)

    @jsandersrocks - Windows Store Developer Solutions @WSDevSol
    Getting Started With Windows Azure Mobile Services development? Click here
    Getting Started With Windows Phone or Store app development? Click here
    My Team Blog: Windows Store & Phone Developer Solutions
    My Blog: Http Client Protocol Issues (and other fun stuff I support)

    Friday, August 8, 2014 12:34 PM

All replies

  • HttpClient offers the Server Certificate in the transport connection information.  You could use that!

    You would make a call to the site and use the request message TransportInformation

    http://msdn.microsoft.com/en-US/library/windows/apps/xaml/windows.web.http.httprequestmessage

    http://msdn.microsoft.com/en-US/library/windows/apps/xaml/windows.web.http.httprequestmessage.transportinformation

    Inspect that object in the debugger and you will see the great stuff you can get from it.

    Here is a broader overview of HttpClient

    http://channel9.msdn.com/Events/Build/2013/4-092


    Jeff Sanders (MSFT)

    @jsandersrocks - Windows Store Developer Solutions @WSDevSol
    Getting Started With Windows Azure Mobile Services development? Click here
    Getting Started With Windows Phone or Store app development? Click here
    My Team Blog: Windows Store & Phone Developer Solutions
    My Blog: Http Client Protocol Issues (and other fun stuff I support)

    Friday, August 8, 2014 12:34 PM
  • HttpClient offers the Server Certificate in the transport connection information.  You could use that!

    You would make a call to the site and use the request message TransportInformation

    http://msdn.microsoft.com/en-US/library/windows/apps/xaml/windows.web.http.httprequestmessage

    http://msdn.microsoft.com/en-US/library/windows/apps/xaml/windows.web.http.httprequestmessage.transportinformation

    Inspect that object in the debugger and you will see the great stuff you can get from it.

    Here is a broader overview of HttpClient

    http://channel9.msdn.com/Events/Build/2013/4-092

    I'm trying to use TransportInformation in a HTTP filter but when I access it in the SendRequestAsync method, all of its information is null.

    Does it need to be called after the HttpBaseProtocolFilter implementation of SendRequestAsync? If so, then how can I prevent the request from actually being sent if the SSL certificate is not valid or doesn't match my pinned certificate/keys? Is there a way to get the information with just connecting and not sending the full request?

    Thursday, February 19, 2015 5:04 PM
  • I too need this information
    Monday, October 31, 2016 9:05 PM