证书验证不使用chaintrust的代理设置 [英] Certificate validation doesn't use proxy settings for chaintrust

问题描述

我一直在努力让一个WCF客户端通过Web代理工作。如果我手动指定代理如下，我可以得到http请求工作。

I've been struggling to get a WCF client to work through a web proxy. If I manually specify the proxy as below, I can get the http request to work.

WebProxy proxy = new WebProxy("http://x.x.x.x:3128", false);
proxy.Credentials = new NetworkCredential("user", "pass");
WebRequest.DefaultWebProxy = proxy;

但是我有客户端服务代理设置为使用 ClientCredentials.ServiceCertificate.Authentication .CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.ChainTrust;

However I have the client service proxy set to use ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.ChainTrust;

检测发送的数据包，客户端成功连接到服务器，但然后尝试验证服务提供的证书。此验证尝试失败，因为链的请求没有代理授权头（它们失败，407错误）。我如何获得这些请求以正确使用指定的DefaultWebProxy？

Inspecting the packets that get sent out, the client successfully connects to the server, but the then tries to validate the certificate that the service provides. This validation attempt fails because the requests for the chain do not have Proxy-Authorization headers (they fail with 407 errors). How can I get these requests to properly use the DefaultWebProxy that's specified?

如果我将验证模式设置为无，那么所有的工作当然，

If I set the validation mode to None, then it all works of course, but I really don't want to have to do that.

推荐答案

此设置仅影响邮件级别证书。对于传输级别，请尝试类似 http：// webservices20.blogspot.co.il/2008/12/wcf-gotcha-disabling-ssl-validation.html

this setting only affects message level certificates. for transport level try something like this http://webservices20.blogspot.co.il/2008/12/wcf-gotcha-disabling-ssl-validation.html

这篇关于证书验证不使用chaintrust的代理设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！