[英]Ignore WCF certificate errors in ASP.NET Core 3.1
I have a solution like this:我有这样的解决方案:
-MySolution
|--MyWCFWrapper
|--MyaspnetcoreWebApp
|--ConsoleTestApp
MyWCFWrapper
is a .NET Standard library consumes the WCF service added as a WCF reference using the Visual Studio import wizard. MyWCFWrapper
是一个 .NET 标准库,它使用 WCF 服务,使用 Visual Studio 导入向导添加为 WCF 引用。
The Myas.netcoreWebApp
application provides controllers for a front end to consume. Myas.netcoreWebApp
应用程序提供供前端使用的控制器。 In this controller, I am instantiating and making calls to MyWCFWrapper
library.在这个 controller 中,我正在实例化并调用
MyWCFWrapper
库。
The ConsoleTestApp
is a console application that also makes calls to MyWCFWrapper
library for testing. ConsoleTestApp
是一个控制台应用程序,它还调用MyWCFWrapper
库进行测试。
I get an error:我得到一个错误:
System.ServiceModel.Security.SecurityNegotiationException: 'Could not establish trust relationship for the SSL/TLS secure channel with authority 'exampleabc.com'
System.ServiceModel.Security.SecurityNegotiationException:“无法与权限‘exampleabc.com’建立 SSL/TLS 安全通道的信任关系”
when I make WCF service calls.当我拨打 WCF 服务电话时。
The reason for this error is my WCF service at exampleablc.com is a test server and has a self signed certificate (name different to the webservice) and is also expired .这个错误的原因是我在 exampleablc 的 WCF 服务。com 是一个测试服务器并且有一个自签名证书(名称与 web 服务不同)并且也已过期。
Workaround that works in ConsoleTestApp:适用于 ConsoleTestApp 的解决方法:
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
(se, cert, chain, sslerror) =>
{
return true;
};
MyWCFWrapperClass api = new MyWCFWrapperClass(..);
api.SendNewInfo("NewInfo");
This is not recommended , but this is ok for me for now because it's a test server.不推荐这样做,但目前对我来说还可以,因为它是测试服务器。
The same workaround does not work in the Myas.netcoreWebApp controller. What I have tried to make it work:.相同的解决方法在 Myas.netcoreWebApp controller 中不起作用。我已尝试使其工作:
Startup.cs
Startup.cs
中public void ConfigureServices(IServiceCollection services)
{
services.AddHttpClient("SeitaCertificate").ConfigurePrimaryHttpMessageHandler(() =>
{
return new HttpClientHandler()
{
ServerCertificateCustomValidationCallback = (request, certificate, certificateChain, policy) =>
{
return true;
}
};
});
services.AddControllersWithViews();
----
}
The certificate error is raised in the WCF call library and I have not been able to find a way to ignore the cert error.在 WCF 调用库中引发了证书错误,我一直无法找到忽略证书错误的方法。 What I can do is at least have the certificate updated so that it is not expired.
我能做的是至少更新证书,使其不会过期。 (I have started this process and it is likely to take some time)
(我已经开始这个过程,可能需要一些时间)
I would like to learn a way how to capture and ignore these certificate errors selectively and appropriately for calling a WCF library in a asp .net core 3.1 web application.我想学习一种方法如何有选择地和适当地捕获和忽略这些证书错误,以便在 asp .net 核心 3.1 web 应用程序中调用 WCF 库。 How can I do that?
我怎样才能做到这一点?
You can refer to the following code to bypass certificate verification:您可以参考以下代码绕过证书验证:
BasicHttpsBinding binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
ChannelFactory<IService> factory = new ChannelFactory<IService>(binding, new EndpointAddress(uri));
factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new System.ServiceModel.Security.X509ServiceCertificateAuthentication()
{
CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None,
RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
};
You can resolve this issue by overriding the certificate validation method X509CertificateValidator您可以通过覆盖证书验证方法X509CertificateValidator来解决此问题
class Program
{
static void Main(string[] args)
{
var client = new YourServiceReference.Cient();
// Bypass certificate verification
client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
{
CertificateValidationMode = X509CertificateValidationMode.Custom,
CustomCertificateValidator = new CustomCertificateValidator()
};
// --------
}
internal class CustomCertificateValidator : X509CertificateValidator
{
// Override certificate validation
public override void Validate(X509Certificate2 certificate) { }
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.