Is there a solution that could not be potential security threat if I turn off the SSL certificate validation. This is production code, I understand that there will be the risk of the server that I will be connecting to in this case. We are currently migrating our C# biased hotel management system program toasp.net to adopt and compete to web applications for hotels. This will be an a live application with a domain. I am worried with the SSL security threat while authentication. Can anyone share a better secure code resolutions for my code below?
Thank you.
Error: C# The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
public string SendRequest(string url, string postData) {
var uri = new Uri(url);
var request = WebRequest.Create(uri);
var encoding = new UTF8Encoding();
var requestData = encoding.GetBytes(postData);
request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";
request.Timeout = (300*1000); //TODO: Move timeout to config
request.ContentLength = requestData.Length;
using (var stream = request.GetRequestStream()) {
stream.Write(requestData, 0, requestData.Length);
}
var response = request.GetResponse();
string result;
using (var reader = new StreamReader(response.GetResponseStream(), Encoding.ASCII)) {
result = reader.ReadToEnd();
}
return result;
}