.NET 4.6.2 中 SOAP 的“无法为具有授权的 SSL/TLS 安全通道建立信任关系”

Question

I am trying to make a SOAP WCF call to an internal application from .NET 4.6.2 and I get the error above. I found a solution that I thought would work, but upon further investigation it is only applicable to .NET 4.5:

System.Net.ServicePointManager.ServerCertificateValidationCallback +=
            (se, cert, chain, sslerror) => true;

Is there a comperable solution for .NET 4.6? I am not concerned about the security implications, this is for internal testing only.

Answer 1

For the validation of the server certificate, you could use the following code as an alternative, it works well in Asp.net Core project as well.

//client is a proxy class object.
           client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
    new X509ServiceCertificateAuthentication()
    {
        CertificateValidationMode = X509CertificateValidationMode.None,
        RevocationMode = X509RevocationMode.NoCheck
    };

Feel free to let me know if the problem still exists.

Answer 2

ServerCertificateValidationCallback requires atleast .Net 4.5 - it should work fine in 4.6.2. If it isn't working try to set it before you instantiate the client.

As a side note you really shouldn't disable validate globally, even if it is 'just for testing' as it is quite a large security issue and those famous last words before the test solution suddenly goes live and your too busy to remember to take it out!

How exactly are you making the call? All mechanisms have also more focused ways to disable the check for just that one call.

Alternatively just put a self-signed certificate on the endpoint and trust it on your dev machine, then you don't open any security holes.