How do I tell WCF to skip verification of the certificate?

Problem description

Trying to make a web service call to an HTTPS endpoint in my Silverlight application results in this error: "Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http]"

The same problem as was posted here:

http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4c19271a-f5e6-4659-9e06-b556dbdcaf82/

So, one of the suggestions was this: "The other issue might be that the cert name and the machine name don't agree, and this is causing WCF to have fits. If this is the case, you can tell WCF to skip verification of the cert."

Well, I do get a certificate error because this is just a demo server.

Here's how I set up my client:

BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
_ws = new AnnotationService.AnnotationClient(binding, new EndpointAddress(myAddress));

How can I tell WCF to skip the verification?

Recommended answer

You might be able to achieve this in Silverlight by allowing cross-domain communication between the web server that hosts the Silverlight application and the remote WCF service.

In that case you need to place a clientaccesspolicy.xml file at the root of the domain where the WCF service is hosted:

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="http://*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>

Here is how MSDN describes this approach:

To allow access to an HTTPS service from any Silverlight control hosted over HTTP application, you need to put the <domain uri="http://*" /> element inside your <allow-from> element.

I haven't tried this myself but it could be worth a shot. Also be sure to check out the following resources for more details:

For .NET applications this sample WCF configuration will disable validation of both whether the certificate is trusted and whether it is still valid on the client:

<system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="DisableServiceCertificateValidation">
            <clientCredentials>
                <serviceCertificate>
                    <authentication certificateValidationMode="None"
                                    revocationMode="NoCheck" />
                </serviceCertificate>
            </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <endpoint address="http://localhost/MyService"
        behaviorConfiguration="DisableServiceCertificateValidation"
        binding="wsHttpBinding"
        contract="MyNamespace.IMyService"
        name="MyServiceWsHttp" />
    </client>
</system.serviceModel>

An alternative solution is to provide custom logic to validate the X.509 certificate provided by the service. In that case you will have to modify the configuration file according to the following:

<system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="DisableServiceCertificateValidation">
            <clientCredentials>
                <serviceCertificate>
                    <authentication certificateValidationMode="Custom"
                                    customCertificateValidatorType="MyCertificateValidator, Client"
                                    revocationMode="NoCheck" />
                </serviceCertificate>
            </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <endpoint address="http://localhost/MyService"
        behaviorConfiguration="DisableServiceCertificateValidation"
        binding="wsHttpBinding"
        contract="MyNamespace.IMyService"
        name="MyServiceWsHttp" />
    </client>
</system.serviceModel>

Then create a class that derives from X509CertificateValidator to implement your custom validation logic.

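using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;

public class MyCertificateValidator : X509CertificateValidator
{
    public override void Validate(X509Certificate2 certificate)
    {
        // Add custom validation logic
        // Throw an exception to fail validation
        // Returning without throwing accepts the certificate
    }
}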

As always, you can find a more detailed example up on MSDN.
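
A filled-in version of the validator stub above, as an added example that is not part of the original answer: it accepts only one pinned certificate, matched by the SHA-256 hash of its encoded bytes, and still rejects it outside its validity period. The `ExpectedSha256` value is a placeholder to replace with the hash of the demo server's certificate.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Accepts exactly one known certificate instead of accepting any certificate.
public class MyCertificateValidator : X509CertificateValidator
{
    // Placeholder (assumption): hex SHA-256 of the expected certificate, no separators.
    private const string ExpectedSha256 = "<SHA-256-OF-DEMO-SERVER-CERTIFICATE>";

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        // NotBefore/NotAfter are local times, so compare against DateTime.Now.
        DateTime now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException(
                "Service certificate is outside its validity period.");

        // Hash the raw encoded certificate and compare it with the pinned value.
        string actual;
        using (SHA256 sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(certificate.RawData);
            actual = BitConverter.ToString(digest).Replace("-", "");
        }

        if (!string.Equals(actual, ExpectedSha256, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException(
                "Service certificate does not match the pinned certificate.");
    }
}
```

It plugs into the `certificateValidationMode="Custom"` configuration shown above through `customCertificateValidatorType`; the type and assembly name given there must match this class.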
