Search code examples
c#sslhttpstcp

Https post with c# sslclient

I'm trying to send a POST request to a web service using c# and SslClient. The TLS connection seems to work, when I send a GET request the server answer me with a status code 200 and the content I expected.

My problem occurs when I try to send a POST request. The server always return a BadRequest (400) error.

I tryed to check the log file on the server (in HTTPERR folder) but there is nothing that helps me.

2019-02-11 14:41:50 IPClient PortClient IPServer PortServer - - - 400 - BadRequest -

I read on the microsoft doc that the BadRequest is logged when a parse error occurred while processing a request.

Here is the content of the request I try to send : 

POST https://xcmci04g.formation.cm-cic.fr:4446/Service1.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="http://standards.iso.org/iso/CENTS16986/ServicePT/sendApdu"
Content-Length: 4
Host: xcmci04g.formation.cm-cic.fr:4446
Connection: close
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

toto

Without line-breaks : 

POST https://xcmci04g.formation.cm-cic.fr:4446/Service1.svc HTTP/1.1\r\nAccept-Encoding: gzip,deflate\r\nContent-Type: application/soap+xml;charset=UTF-8;action=\"http://standards.iso.org/iso/CENTS16986/ServicePT/sendApdu\"\r\nContent-Length: 4\r\nHost: xcmci04g.formation.cm-cic.fr:4446\r\nConnection: close\r\nUser-Agent: Apache-HttpClient/4.1.1 (java 1.5)\r\n\r\ntoto\r\n\r\n

I read that sometimes, the "\r\n" can cause a http 400, but I don't know how to replace them.

Can someone tell me why my server doesn't accept my request ? and how to fix it ?

Thanks !

Solution

  • The mistake is on the double extras CRLF (\r\n\r\n) at the end of your content body and it's not a SSL issue.

    Explanation :

    You announced that your content body is gonna be 4 length 

    Content-Length: 4

    And finally, you mislead the server by actually sending : 

    toto\r\n\r\n

    which is 8 length.

    That's why you got a bad request 400.

    The trailing \r\n\r\n at the end of the body content is not HTTP. You should remove it if it's not part of the body content otherwise set your Content-length to 8.