Server cannot clear headers after HTTP headers have been sent

Discussion in 'ASP .Net Security' started by Ian, Feb 25, 2007.

  1. Ian

    Ian Guest

    I've a got an IIS web service that accesses a remote IIS site to get
    information from and I'm trying to get the web service to use a client
    certificate. If the remote IIS site is set up to ignore the client
    ceritficate then the request works with no problem. If I set the remote IIS
    site to accept the client certificate then I get a HTTP 403 forbidden error,
    and in the event log I get an event ID 1309 for the web service with the text
    "Server cannot clear headers after HTTP headers have been sent. Below is an
    extract from my web service code and I can't for the life of me figure what
    the problem is:

    ServicePointManager.ServerCertificateValidationCallback = new
    RemoteCertificateValidationCallback(VerifyServerCertificate);
    HttpWebRequest webRequest = (HttpWebRequest)HttpWebRequest.Create(strUri);
    webRequest.Credentials = new NetworkCredential(strUserName, strPassword,
    strDomain);
    this.GetClientCertificate(webRequest); // adds the client certificate to the
    request
    AddHeadersToRequest(additionalHeaders, webRequest); // adds Range header etc
    webRequest.Method = strMethodName;
    if (0 != baRequestBody.Length)
    {
    webRequest.ContentLength = baRequestBody.Length;
    Stream requestStream = webRequest.GetRequestStream();
    requestStream.Write(baRequestBody, 0, baRequestBody.Length);
    requestStream.Close();
    }

    AddContentTypeToRequest(contentType, webRequest); //adds the content type
    response = webRequest.GetResponse();


    TIA, Ian
     
    Ian, Feb 25, 2007
    #1
    1. Advertising

  2. Ian

    Guest

    On Feb 25, 5:10 am, Ian <> wrote:
    > I've a got an IIS web service that accesses a remote IIS site to get
    > information from and I'm trying to get the web service to use a client
    > certificate. If the remote IIS site is set up to ignore the client
    > ceritficate then the request works with no problem. If I set the remote IIS
    > site to accept the client certificate then I get aHTTP403 forbidden error,
    > and in the event log I get an event ID 1309 for the web service with the text
    > "ServercannotclearheadersafterHTTPheadershavebeensent. Below is an
    > extract from my web service code and I can't for the life of me figure what
    > the problem is:
    >
    > ServicePointManager.ServerCertificateValidationCallback = new
    > RemoteCertificateValidationCallback(VerifyServerCertificate);
    > HttpWebRequest webRequest = (HttpWebRequest)HttpWebRequest.Create(strUri);
    > webRequest.Credentials = new NetworkCredential(strUserName, strPassword,
    > strDomain);
    > this.GetClientCertificate(webRequest); // adds the client certificate to the
    > request
    > AddHeadersToRequest(additionalHeaders, webRequest); // adds Range header etc
    > webRequest.Method = strMethodName;
    > if (0 != baRequestBody.Length)
    > {
    > webRequest.ContentLength = baRequestBody.Length;
    > Stream requestStream = webRequest.GetRequestStream();
    > requestStream.Write(baRequestBody, 0, baRequestBody.Length);
    > requestStream.Close();
    >
    > }
    >
    > AddContentTypeToRequest(contentType, webRequest); //adds the content type
    > response = webRequest.GetResponse();
    >
    > TIA, Ian


    I am getting something similar. Was wondering if you had an answer to
    this issue?

    thanks
    mike
     
    , Mar 19, 2007
    #2
    1. Advertising

  3. Ian

    Ian Guest

    "" wrote:

    > On Feb 25, 5:10 am, Ian <> wrote:
    > > I've a got an IIS web service that accesses a remote IIS site to get
    > > information from and I'm trying to get the web service to use a client
    > > certificate. If the remote IIS site is set up to ignore the client
    > > ceritficate then the request works with no problem. If I set the remote IIS
    > > site to accept the client certificate then I get aHTTP403 forbidden error,
    > > and in the event log I get an event ID 1309 for the web service with the text
    > > "ServercannotclearheadersafterHTTPheadershavebeensent. Below is an
    > > extract from my web service code and I can't for the life of me figure what
    > > the problem is:
    > >
    > > ServicePointManager.ServerCertificateValidationCallback = new
    > > RemoteCertificateValidationCallback(VerifyServerCertificate);
    > > HttpWebRequest webRequest = (HttpWebRequest)HttpWebRequest.Create(strUri);
    > > webRequest.Credentials = new NetworkCredential(strUserName, strPassword,
    > > strDomain);
    > > this.GetClientCertificate(webRequest); // adds the client certificate to the
    > > request
    > > AddHeadersToRequest(additionalHeaders, webRequest); // adds Range header etc
    > > webRequest.Method = strMethodName;
    > > if (0 != baRequestBody.Length)
    > > {
    > > webRequest.ContentLength = baRequestBody.Length;
    > > Stream requestStream = webRequest.GetRequestStream();
    > > requestStream.Write(baRequestBody, 0, baRequestBody.Length);
    > > requestStream.Close();
    > >
    > > }
    > >
    > > AddContentTypeToRequest(contentType, webRequest); //adds the content type
    > > response = webRequest.GetResponse();
    > >
    > > TIA, Ian

    >
    > I am getting something similar. Was wondering if you had an answer to
    > this issue?
    >
    > thanks
    > mike
    >
    >
    >


    Hmmm now you're asking....I can't remember exactly what happened but I think
    that when I tried it working into a different ISS machine it worked OK so I
    assumed there was something about the IIS security settings on my first
    machine. Anyway things moved on as regrads the authentication part of it so
    I'll post my existing code here and you can make of it what you will:

    ServicePointManager.ServerCertificateValidationCallback =
    new RemoteCertificateValidationCallback(VerifyServerCertificate);
    HttpWebRequest webRequest =
    (HttpWebRequest)HttpWebRequest.Create(strUri);
    if (("" != strUserName) && ("*" != strUserName))
    {
    NetworkCredential credential = new
    NetworkCredential(strUserName, strPassword);
    if ("basic" != strAuthType.ToLower())
    {
    credential.Domain = strDomain;
    }
    CredentialCache cache = new CredentialCache();
    cache.Add(new Uri(strUri), strAuthType, credential);
    webRequest.Credentials = cache;
    //webRequest.PreAuthenticate = true;
    }
    this.GetClientCertificate(webRequest);
    AddHeadersToRequest(additionalHeaders, webRequest);
    webRequest.Method = strMethodName;
    if (0 != baRequestBody.Length)
    {
    webRequest.ContentLength = baRequestBody.Length;
    Stream requestStream = webRequest.GetRequestStream();
    requestStream.Write(baRequestBody, 0,
    baRequestBody.Length);
    requestStream.Close();
    }

    AddContentTypeToRequest(contentType, webRequest);
    response = webRequest.GetResponse();

    good luck, Ian
     
    Ian, Mar 20, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Y2hzYWtkYQ==?=
    Replies:
    1
    Views:
    784
    Peter Rilling
    Apr 23, 2004
  2. Andreas Klemt
    Replies:
    8
    Views:
    10,710
    spalding
    Aug 17, 2004
  3. Andreas Klemt
    Replies:
    7
    Views:
    20,394
    Byock
    Nov 27, 2006
  4. Replies:
    0
    Views:
    3,305
  5. Replies:
    4
    Views:
    1,080
    Gibble
    May 10, 2007
Loading...

Share This Page