如何使用WCF服务临时停止证书错误
我正在测试我创建的WCF Web服务的早期版本。在客户端,当我使用VS来'添加服务引用',所有的作品。如何使用WCF服务临时停止证书错误
但是当我尝试使用这项服务,我得到的错误,
Could not establish trust relationship for the SSL/TLS secure channel with authority **
凡颗星代表服务器的IP地址。
无论如何,在服务器上有一个安全证书,但它已经自我生成只是为了测试,所以我暂时不关心证书错误。
在一个app.config已经为我生成客户端,
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="BindingName" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="***************"
binding="wsHttpBinding" bindingConfiguration="BindingName"
contract="***************" name="BindingName">
<identity>
<servicePrincipalName value="***************" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
那么什么设置,我需要改变,以暂时忽略证书错误?
将CertificatePolicy PRIOR设置为在客户端上初始化您的WCF服务。下面是(只需到SetCertificatePolicy()的调用方法一次)
/// <summary>
/// Sets the cert policy.
/// </summary>
private static void SetCertificatePolicy()
{
ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
}
/// <summary>
/// Certificate validation callback
/// </summary>
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
if (error == SslPolicyErrors.None)
{
return true; // already determined to be valid
}
switch (cert.GetCertHashString())
{
// thumbprints/hashes of allowed certificates (uppercase)
case "066CF9CAD814DE2097D368F22D3A7D398B87C4D6":
case "5B82C96685E3A20079B8CE7AFA32554D55DB9611":
Debug.WriteLine("Trusting X509Certificate '" + cert.Subject + "'");
return true;
default:
return false;
}
}
检查这个问题的答案:只使用配置 1:
How do I tell WCF to skip verification of the certificate?
它给出了两个可能的解决方案客户端上的条目 或 2.使用使用代码和配置条目的自定义证书验证程序
修改web.config工作编辑
我做了它使用史蒂夫Ellinger的答案和一些谷歌搜索。 从本质上讲,我只好:
- 告诉HTTP连接使用证书不匹配与服务器主机名证书名经理,并没有检查证书是否已被撤销
- 修改客户端,以便终结点行为关闭证书验证
这里是web.config中的片段......
<configuration>
<system.net>
<settings>
<servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
</settings>
</system.net>
<system.serviceModel>
<client>
<endpoint ... behaviorConfiguration="DisableServiceCertificateValidation" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="DisableServiceCertificateValidation">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"
revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
谢谢,它有帮助。我找到了一些额外的信息,请参阅[WCF Gotcha:禁用SSL验证](http://webservices20.blogspot.co.nz/2008/12/wcf-gotcha-disabling-ssl-validation.html) – cateyes 2014-08-05 01:45:45
<configuration>
<system.net>
<settings>
<servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
</settings>
</system.net>
</configuration>
这适用于我。谢谢
你也可以用这个oneliner覆盖。
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;
只需将其粘贴到生成的WCF客户端构造函数Reference.cs
[System.Diagnostics.DebuggerStepThroughAttribute()]
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
public partial class WebQuoteServiceClient : System.ServiceModel.ClientBase<Corp.Legal.Webservices.ServiceReference1.IWebQuoteService>, Corp.Legal.Webservices.ServiceReference1.IWebQuoteService {
public WebQuoteServiceClient()
{
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;
}
尼斯评论 - “遥控器证书验证。” :P – 2011-05-30 03:25:24
呵呵,我以前没注意过。它看起来很奇怪。我改变了它。谢谢! – 2011-05-31 13:27:15
这似乎是我的ValidateRemoteCertificate从来没有被调用...任何线索为什么? – guiomie 2012-08-13 14:57:57