您的位置: 首页  >  技术问答  >  如何使用WCF服务临时停止证书错误

如何使用WCF服务临时停止证书错误

分类: 技术问答 2022-03-28 21:16:45

如何使用WCF服务临时停止证书错误

问题描述:

我正在测试我创建的WCF Web服务的早期版本。在客户端,当我使用VS来'添加服务引用',所有的作品。如何使用WCF服务临时停止证书错误

但是当我尝试使用这项服务,我得到的错误,

Could not establish trust relationship for the SSL/TLS secure 
channel with authority **

凡颗星代表服务器的IP地址。

无论如何,在服务器上有一个安全证书,但它已经自我生成只是为了测试,所以我暂时不关心证书错误。

在一个app.config已经为我生成客户端,

<?xml version="1.0" encoding="utf-8" ?> 
<configuration> 
    <system.serviceModel> 
     <bindings> 
      <wsHttpBinding> 
       <binding name="BindingName" closeTimeout="00:01:00" 
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" 
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
        messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" 
        allowCookies="false"> 
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
         maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
        <reliableSession ordered="true" inactivityTimeout="00:10:00" 
         enabled="false" /> 
        <security mode="Transport"> 
         <transport clientCredentialType="Windows" proxyCredentialType="None" 
          realm="" /> 
         <message clientCredentialType="Windows" negotiateServiceCredential="true" /> 
        </security> 
       </binding> 
      </wsHttpBinding> 
     </bindings> 
     <client> 
      <endpoint address="***************" 
       binding="wsHttpBinding" bindingConfiguration="BindingName" 
       contract="***************" name="BindingName"> 
       <identity> 
        <servicePrincipalName value="***************" /> 
       </identity> 
      </endpoint> 
     </client> 
    </system.serviceModel> 
</configuration>

那么什么设置,我需要改变,以暂时忽略证书错误?

将CertificatePolicy PRIOR设置为在客户端上初始化您的WCF服务。下面是(只需到SetCertificatePolicy()的调用方法一次)

/// <summary> 
    /// Sets the cert policy. 
    /// </summary> 
    private static void SetCertificatePolicy() 
    { 
     ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate; 
    } 

    /// <summary> 
    /// Certificate validation callback 
    /// </summary> 
    private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error) 
    { 
     if (error == SslPolicyErrors.None) 
     { 
      return true; // already determined to be valid 
     } 

     switch (cert.GetCertHashString()) 
     { 
      // thumbprints/hashes of allowed certificates (uppercase) 
      case "066CF9CAD814DE2097D368F22D3A7D398B87C4D6": 
      case "5B82C96685E3A20079B8CE7AFA32554D55DB9611": 

       Debug.WriteLine("Trusting X509Certificate '" + cert.Subject + "'"); 
       return true; 

      default: 
       return false; 
     } 
    }
+0

尼斯评论 - “遥控器证书验证。” :P – 2011-05-30 03:25:24

+0

呵呵,我以前没注意过。它看起来很奇怪。我改变了它。谢谢! – 2011-05-31 13:27:15

+0

这似乎是我的ValidateRemoteCertificate从来没有被调用...任何线索为什么? – guiomie 2012-08-13 14:57:57

检查这个问题的答案:只使用配置 1:

How do I tell WCF to skip verification of the certificate?

它给出了两个可能的解决方案客户端上的条目 或 2.使用使用代码和配置条目的自定义证书验证程序

修改web.config工作编辑

我做了它使用史蒂夫Ellinger的答案和一些谷歌搜索。 从本质上讲,我只好:

  • 告诉HTTP连接使用证书不匹配与服务器主机名证书名经理,并没有检查证书是否已被撤销
  • 修改客户端,以便终结点行为关闭证书验证

这里是web.config中的片段......

<configuration> 

    <system.net> 
    <settings> 
     <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" /> 
    </settings> 
    </system.net> 

    <system.serviceModel> 
    <client> 
     <endpoint ... behaviorConfiguration="DisableServiceCertificateValidation" /> 
    </client> 

    <behaviors> 
     <endpointBehaviors> 
     <behavior name="DisableServiceCertificateValidation"> 
      <clientCredentials> 
      <serviceCertificate> 
       <authentication certificateValidationMode="None" 
           revocationMode="NoCheck" /> 
      </serviceCertificate> 
      </clientCredentials> 
     </behavior> 
     </endpointBehaviors> 
    </behaviors> 
    </system.serviceModel> 

</configuration>
+1

谢谢,它有帮助。我找到了一些额外的信息,请参阅[WCF Gotcha:禁用SSL验证](http://webservices20.blogspot.co.nz/2008/12/wcf-gotcha-disabling-ssl-validation.html) – cateyes 2014-08-05 01:45:45 

<configuration> 
    <system.net> 
    <settings> 
     <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" /> 
    </settings> 
    </system.net> 
</configuration>

这适用于我。谢谢

你也可以用这个oneliner覆盖。

ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;

只需将其粘贴到生成的WCF客户端构造函数Reference.cs

[System.Diagnostics.DebuggerStepThroughAttribute()] 
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")] 
public partial class WebQuoteServiceClient : System.ServiceModel.ClientBase<Corp.Legal.Webservices.ServiceReference1.IWebQuoteService>, Corp.Legal.Webservices.ServiceReference1.IWebQuoteService { 

    public WebQuoteServiceClient() 
    { 
     ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true; 
    }

相关推荐