Server cannot clear headers after HTTP headers have been sent

Discussion in 'ASP .Net Security' started by Ian, Feb 25, 2007.

  1. Ian

    Ian Guest

    I've a got an IIS web service that accesses a remote IIS site to get
    information from and I'm trying to get the web service to use a client
    certificate. If the remote IIS site is set up to ignore the client
    ceritficate then the request works with no problem. If I set the remote IIS
    site to accept the client certificate then I get a HTTP 403 forbidden error,
    and in the event log I get an event ID 1309 for the web service with the text
    "Server cannot clear headers after HTTP headers have been sent. Below is an
    extract from my web service code and I can't for the life of me figure what
    the problem is:

    ServicePointManager.ServerCertificateValidationCallback = new
    RemoteCertificateValidationCallback(VerifyServerCertificate);
    HttpWebRequest webRequest = (HttpWebRequest)HttpWebRequest.Create(strUri);
    webRequest.Credentials = new NetworkCredential(strUserName, strPassword,
    strDomain);
    this.GetClientCertificate(webRequest); // adds the client certificate to the
    request
    AddHeadersToRequest(additionalHeaders, webRequest); // adds Range header etc
    webRequest.Method = strMethodName;
    if (0 != baRequestBody.Length)
    {
    webRequest.ContentLength = baRequestBody.Length;
    Stream requestStream = webRequest.GetRequestStream();
    requestStream.Write(baRequestBody, 0, baRequestBody.Length);
    requestStream.Close();
    }

    AddContentTypeToRequest(contentType, webRequest); //adds the content type
    response = webRequest.GetResponse();


    TIA, Ian
     
    Ian, Feb 25, 2007
    #1
    1. Advertisements

  2. Ian

    dm9918ster Guest

    I am getting something similar. Was wondering if you had an answer to
    this issue?

    thanks
    mike
     
    dm9918ster, Mar 19, 2007
    #2
    1. Advertisements

  3. Ian

    Ian Guest

    Hmmm now you're asking....I can't remember exactly what happened but I think
    that when I tried it working into a different ISS machine it worked OK so I
    assumed there was something about the IIS security settings on my first
    machine. Anyway things moved on as regrads the authentication part of it so
    I'll post my existing code here and you can make of it what you will:

    ServicePointManager.ServerCertificateValidationCallback =
    new RemoteCertificateValidationCallback(VerifyServerCertificate);
    HttpWebRequest webRequest =
    (HttpWebRequest)HttpWebRequest.Create(strUri);
    if (("" != strUserName) && ("*" != strUserName))
    {
    NetworkCredential credential = new
    NetworkCredential(strUserName, strPassword);
    if ("basic" != strAuthType.ToLower())
    {
    credential.Domain = strDomain;
    }
    CredentialCache cache = new CredentialCache();
    cache.Add(new Uri(strUri), strAuthType, credential);
    webRequest.Credentials = cache;
    //webRequest.PreAuthenticate = true;
    }
    this.GetClientCertificate(webRequest);
    AddHeadersToRequest(additionalHeaders, webRequest);
    webRequest.Method = strMethodName;
    if (0 != baRequestBody.Length)
    {
    webRequest.ContentLength = baRequestBody.Length;
    Stream requestStream = webRequest.GetRequestStream();
    requestStream.Write(baRequestBody, 0,
    baRequestBody.Length);
    requestStream.Close();
    }

    AddContentTypeToRequest(contentType, webRequest);
    response = webRequest.GetResponse();

    good luck, Ian
     
    Ian, Mar 20, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.