Two-way authentication using ssl in dotnet

I have a project where I need to send a datafile through a web request. We need to setup Two-way authentication also known as mutual authentication. We are not sure if we need a special cert or not but we know that it needs to be level 3.

I am having trouble finding sample code for this case. I don't know where to add our cert information. With this code a Underl开发者_如何学编程ying connection is closed error is thrown when we try to read the response stream and ServicePointManager.ServerCertificateValidationCallback is never called. Here is what I have:

ServicePointManager.ServerCertificateValidationCallback = New Security.RemoteCertificateValidationCallback(AddressOf MyCertValidationCb)
            httpReq = CType(System.Net.HttpWebRequest.Create(url), HttpWebRequest)
            For Each cert As String In certs
                X509cert = X509Certificate2.CreateFromCertFile(cert)
                X509cert2 = New X509Certificate2(X509cert)
                httpReq.ClientCertificates.Add(X509cert2)
            Next
            httpReq.Method = "POST"        ' Post method
            httpReq.ContentType = "text/xml"               ' content type

            ' Wrap the request stream with a text-based writer
            writer = New StreamWriter(httpReq.GetRequestStream())
            ' Write the XML text into the stream
            reader = New StreamReader(filename.Name)
            ret = reader.ReadToEnd()
            reader.Close()
            ' Send the data to the webserver
            writer.WriteLine(ret)
            writer.Close()
            ' Wait for response
            Dim httpRsp As System.Net.HttpWebResponse = CType(httpReq.GetResponse(), HttpWebResponse)
            sr = New StreamReader(httpRsp.GetResponseStream)
            responseText = sr.ReadToEnd

            If httpReq IsNot Nothing Then
                httpReq.GetRequestStream().Close()
            End If
            If httpRsp IsNot Nothing Then
                httpRsp.GetResponseStream().Close()
            End If

Any tips or links to blogs with sample code would be great. Thanks.

You don't need a 'special' certificate. Your client needs its own certificate and use it in the connection to tell the server its identity. That is called a Client Certificate. The server should handle this properly.

The following MSDN article talks about how to set your ClientCertificate: http://msdn.microsoft.com/en-us/library/ms732391.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-2