[英]How to stop certificate errors temporarily with WCF services
我正在測試我創建的WCF Web服務的早期版本。 在客戶端,當我使用VS來“添加服務引用”時,一切正常。
但是當我嘗試使用該服務時,我得到錯誤,
Could not establish trust relationship for the SSL/TLS secure channel with authority **
星號代表服務器的IP地址。
無論如何在服務器上有一個安全證書,但它只是為了測試自己生成的,所以我暫時不擔心證書錯誤。
在客戶端,已經為我生成了app.config,
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="BindingName" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="***************"
binding="wsHttpBinding" bindingConfiguration="BindingName"
contract="***************" name="BindingName">
<identity>
<servicePrincipalName value="***************" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
那么我需要更改哪些設置才能暫時忽略證書錯誤?
將CertificatePolicy PRIOR設置為在客戶端上初始化WCF服務。 這是如何(只需調用一次SetCertificatePolicy()方法)
/// <summary>
/// Sets the cert policy.
/// </summary>
private static void SetCertificatePolicy()
{
ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
}
/// <summary>
/// Certificate validation callback
/// </summary>
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
if (error == SslPolicyErrors.None)
{
return true; // already determined to be valid
}
switch (cert.GetCertHashString())
{
// thumbprints/hashes of allowed certificates (uppercase)
case "066CF9CAD814DE2097D368F22D3A7D398B87C4D6":
case "5B82C96685E3A20079B8CE7AFA32554D55DB9611":
Debug.WriteLine("Trusting X509Certificate '" + cert.Subject + "'");
return true;
default:
return false;
}
}
<configuration>
<system.net>
<settings>
<servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
</settings>
</system.net>
</configuration>
這適合我。 謝謝
修改web.config對我有用
我是用Steve Ellinger的回答和一些谷歌搜索來做到的。 基本上,我不得不:
這是web.config片段......
<configuration>
<system.net>
<settings>
<servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
</settings>
</system.net>
<system.serviceModel>
<client>
<endpoint ... behaviorConfiguration="DisableServiceCertificateValidation" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="DisableServiceCertificateValidation">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"
revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
您也可以使用此oneliner覆蓋。
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;
只需將其粘貼到Reference.cs
生成的WCF客戶端構造函數中即可
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
public partial class WebQuoteServiceClient : System.ServiceModel.ClientBase<Corp.Legal.Webservices.ServiceReference1.IWebQuoteService>, Corp.Legal.Webservices.ServiceReference1.IWebQuoteService {
public WebQuoteServiceClient()
{
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.