My Android application is supposed to communicate with an ASP.NET Web API which is written in C#.Net. The data which is sent from the phone contains data that should not be exposed to the public. So I’m trying to use the https protocol. On my server side I require all requests to be HTTPS, like this:
RequireRegisteredImei
    using System;
    using System.Net;
    using System.Net.Http;
    using System.Web.Http.Controllers;
    using System.Web.Http.Filters;

    public class RequireRegisteredImeiAttribute : AuthorizationFilterAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var request = actionContext.ControllerContext.Request;
            if (request.RequestUri.Scheme == Uri.UriSchemeHttps)
            {
                // Request arrived over HTTPS: let it through to the action.
            }
            else
            {
                // Plain HTTP: set a response here so the action is never executed.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
            }
        }
    }
And in the Controller:
    [RequireRegisteredImei]
    public string Post()
    {
        // handle the posted data here
        return string.Empty;
    }
I debugged this code by sending a simple http request from my phone, and this code works quite well, it will deny me.
So, I started looking at how I could send requests over https from my android phone. I came up with something like this:
    import org.apache.http.conn.scheme.*;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.impl.conn.SingleClientConnManager;
    import org.apache.http.params.BasicHttpParams;
    public static DefaultHttpClient getSecureHttpClient() {
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        // https uses the default SSL socket factory, i.e. the system trust store
        schemeRegistry.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
        // plain http must use a plain socket factory, not the SSL one
        schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        BasicHttpParams params = new BasicHttpParams();
        SingleClientConnManager mgr = new SingleClientConnManager(params, schemeRegistry);
        return new DefaultHttpClient(mgr, params);
    }
I’m using this method this way:
    HttpClient httpClient = CustomHttpClient.getSecureHttpClient();
This will only result in an IOException: No peer certificate
I’ve read several threads regarding this:
Problems with https (No peer certificate) in android
Android SSL – No Peer Certificate
'No peer certificate' error in Android 2.3 but NOT in 4
But there has to be a simpler way to post data over HTTPS from android?
If you have a custom certificate or a certificate issued by a CA that is not included in all Android versions, you can include the certificate in your app and use it directly.
To do so you have to import your server certificate (without the key, of course) into a BKS keystore, which can then be used as a custom trust store.
A very good tutorial which describes how to do so is Using a Custom Certificate Trust Store on Android.
Unlike the standard solutions like EasyTrustManager or DummyTrustManager you find on Stack Overflow, this solution doesn’t disable SSL authentication and is therefore not insecure like the other solutions.
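The approach the answer describes, as an added example that is not code from the question, the answer or the linked tutorial: load a BKS trust store bundled in res/raw and hand it to Apache HttpClient's SSLSocketFactory, so only the bundled certificate is trusted while hostname verification stays on. The resource name R.raw.truststore, the keystore password and the app package are assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;

import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.params.BasicHttpParams;

import android.content.Context;
import com.example.app.R; // hypothetical app package

public class CustomHttpClient {

    // Builds an HttpClient that trusts ONLY the certificate(s) in the bundled BKS
    // store. Hostname verification is kept STRICT, so a valid certificate issued
    // for a different host is still rejected; no TLS check is disabled here.
    public static DefaultHttpClient getSecureHttpClient(Context context) throws Exception {
        // Hypothetical resource res/raw/truststore.bks: the server certificate
        // only (no private key). "changeit" is a placeholder password.
        KeyStore trustStore = KeyStore.getInstance("BKS");
        InputStream in = context.getResources().openRawResource(R.raw.truststore);
        try {
            trustStore.load(in, "changeit".toCharArray());
        } finally {
            in.close();
        }

        // Android's bundled HttpClient SSLSocketFactory accepts a trust store directly.
        SSLSocketFactory sslFactory = new SSLSocketFactory(trustStore);
        sslFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", sslFactory, 443));
        // Plain http gets a plain socket factory, never the SSL one.
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));

        BasicHttpParams params = new BasicHttpParams();
        SingleClientConnManager mgr = new SingleClientConnManager(params, registry);
        return new DefaultHttpClient(mgr, params);
    }
}
```

If the server later rotates its certificate (or its issuing CA), the store in res/raw must be updated and the app re-released, so bundling the CA certificate rather than the leaf certificate usually survives longer.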