[UWP]在UWP中使用WCF时忽略SSL证书错误 [英] [UWP]Ignore SSL certificate errors when using WCF in UWP
问题描述
Hello All,
Hello All,
我的应用程序工作正常但使用.Net Framework 4.5。我正在将其移植到UWP。此应用程序需要进行WCF调用。通常,在以前的版本和新的UWP版本上,我将我的WCF服务添加为
a服务引用以获取自动生成的代码/客户端。
I have an application that is working fine but using .Net Framework 4.5. I am in the process of porting that over to UWP. This application needs to make WCF calls. Typically, on both the previous version and this new UWP version, I add my WCF service as a service reference to get the auto generated code/client.
我们的服务是托管在我们自己的服务器上,仅在内部。但是,我们还需要能够出于其他原因支持SSL。我们在服务器上安装了自签名证书。因此,我们倾向于获得证书错误。这个特殊的
应用程序应该忽略证书错误,这样它仍然可以进行WCF调用。但是,我无法弄清楚如何在UWP中完全忽略证书错误。因此,我的应用程序抛出异常。在之前的应用程序中,
这是使用以下一行代码实现的:
Our service is hosted on our own servers and is only internal. However, we also need to be able to support SSL for other reasons. We have installed a self signed certificate on the server. Because of this, we tend to get certificate errors. This particular app should just ignore the certificate errors so that it can still make the WCF calls. However, I cannot figure out how, in UWP, to ignore the certificate errors completely. Because of this, my application is throwing exceptions. In the previous application, this is achieved using this one line of code:
ServicePointManager.ServerCertificateValidationCallback = delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };这是一个很好的解决方案,运行良好,完全符合我的要求,即忽略任何ssl错误。但是,ServicePointManager API似乎已被排除在UWP .NET Core框架之外。
This is/was a great solution, works well and does exactly what I need it to do which is to ignore any ssl errors. However, the ServicePointManager API seems to have been left out of the UWP .NET Core framework.
所以,现在我只想找到替代方案。让我们假设为了这篇文章的目的,支持SSL与自签名证书是一个要求(就像我们一样)。以下是我在研究中迄今为止所阅读的一些内容:
So, now I am left with trying to find an alternative. Let's assume for the purpose of this post, that supporting SSL with self signed certificate is a requirement (as it is for us). Here are some of the things I have read so far in my research:
1。在客户端上安装证书和/或包含在Visual Studio中进行构建。这是不可取的,因为这意味着每次有更改(服务器更改,证书过期等等)时,我们都需要执行新构建以支持
和/或更新所有客户端。如果在使用一行代码(上面)之前避免这种情况,则不能接受此解决方案。
1. Install certificate on client and/or include in Visual Studio for build. This is not desirable because this would mean that everytime there is a change (server change, certificate expires, etc...) we would need to either do a new build just to support that and/or update all of the clients. When before this was avoided with one line of code (above), this solution is not acceptable.
2。使用httpBaseProtocolFilter忽略证书错误。这看起来最有希望。但是,由于这是WCF并且客户端是由服务引用为我们生成的,因此我没有可以使用httpBaseProtocolFilter的httpClient。
有没有办法在我生成的WCF客户端上使用过滤器?如果是这样,这将是一个选择。但是,如果我必须从头开始编写自己的客户端才能使用过滤器,这是不可取的。
2. Use httpBaseProtocolFilter to ignore certificate errors. This seems most promising. However, since this is WCF and the client was generated for us by the service reference, I don't have a httpClient that the httpBaseProtocolFilter can be used with. Is there a way to still use the filter with my generated WCF client? If so, this would be an option. However, if I have to write my own client from scratch just to use the filters, this would not be desirable.
3。在尝试一切时,我可以"在盒子外面思考"。我根据一些阅读尝试了下面的代码。理论上,如果我可以允许Validate方法返回而不抛出异常,我可以"欺骗"调用者认为
证书有效。但是,这不起作用。
3. In trying everything I could to "think outside the box" I tried the code below based on some reading. The theory was, if I could allow the Validate method to return without throwing an exception, I could "trick" the caller into thinking the certificate is valid. However, this did not work.
自定义验证类。
public class MyCertificateValidator : X509CertificateValidator
{
public MyCertificateValidator()
{
}
public override void Validate(X509Certificate2 certificate)
{
}
}然后从服务客户端调用它生成代码:
And then calling it from the service client generate code:
this.ChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
this.ChannelFactory.Credentials.ServiceCertificate.Authentication.CustomCertificateValidator = new MyCertificateValidator();那么,还有其他想法或变通方法?
So, are there any other thoughts or workarounds?
谢谢!
迈克
推荐答案
Hello MBedford2016,
Hello MBedford2016,
我在SO中回答了同样的问题:
Windows 10通用WCF生成的客户端设置忽略ssl证书错误
I have replied a same question in SO: Windows 10 Universal WCF generated client setting to ignore ssl certificate errors
我担心你必须使用HttpClient来调用wcf:)
I’m afraid you would have to use HttpClient to call wcf :)
请阅读粘贴帖子,尤其是
发布指南:主题行标签和
Windows 10 SDK和工具的已知问题
Please read the sticky posts, especially the Guide to posting: subject line tags and Known Issues for Windows 10 SDK and Tools
请记得下次自己添加标签。
Please remember to add tag to title yourself next time.
最好的问候,
Xavier Eoro
Xavier Eoro
这篇关于[UWP]在UWP中使用WCF时忽略SSL证书错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
