使用不受信任的证书制作WP7 HttWebRequest POST? [英] Making a WP7 HttWebRequest POST with an untrusted cert?

问题描述

我正在使用Windows Phone 7应用程序进行REST服务调用.托管Web服务的第三方在当前环境中具有无效的证书.当我在Firefox中点击URL时，我收到有关证书的警告，并询问我是否要继续.我也正在使用Poster FF扩展程序来测试呼叫.如果我先在Firefox中接受无效的证书，则可与Poster一起使用.如果我不这样做，那么POSTER不会发出请求.

I'm working on a Windows Phone 7 application that makes a REST service call. The third party that hosts the web services has an invalid certificate in the current environment. When I hit the URL in Firefox, I get a warning about the cert and I am asked if I want to continue. I'm also using the Poster FF extension to test the call. It works with Poster if I first accept the invalid cert in Firefox. If I don't, then POSTER wont make the request.

在WP7仿真器中，我根本无法发出请求.我在EndGetResponse方法中得到404.我发出的请求与海报中的请求相同，因此我知道请求没有错.我已经使用相同的代码成功打入了另一个Web服务(不涉及证书)，所以我认为这不是代码.我唯一能想到的是WP7不允许对无效证书的请求.有没有人遇到过这种情况的经验?有什么办法解决吗?

In my WP7 Emulator, I can't make the request at all. I get a 404 at the EndGetResponse method. I making the same request as in Poster, so I know there is nothing wrong with the request. I have successfully hit another web service using the same code (no certs involved), so I don't think it's the code. The only thing I can think of is that WP7 doesn't allow requests to an invalid cert. Has anyone had experience with this situation? Is there any way around it?

即使证书无效，有没有办法告诉我的应用程序接受所有通信?

Is there a way I can tell my app to accept all communication, even if there is an invalid cert?

推荐答案

可惜没有办法在电话上进行此操作.通常，即在桌面上，此简单的代码行将禁用证书检查.

There is sadly no way to do this on the phone. Ordinarily, i.e. on the desktop this simple line of code will disable certificate checking.

System.Net.ServicePointManager.ServerCertificateValidationCallback = (se, cert, chain, sslError) => { return true; };

如果您在电话上查看ServicePointManager，则没有任何回调可插入.这是一大笔误会.

If you look at the ServicePointManager on the phone, there's no callback to hook into. It's a massive pain in the arrrrse.

您是否考虑过写信给服务所有者，并问他们为什么是不良的互联网公民? (基本上，您在这里看到的是正在实施的网络安全，无论情况好坏都如此)

Have you considered writing to the service owner and asking why they're being bad internet citizens? (essentially, what you're seeing here is web security in action, for better or worse)

正如Matt所说，您也许可以在Web服务器上编写一个简单的中继程序.它不一定是一项特殊服务，而可能只是一个网页，它可以为您进行呼叫并吐出RAW文本或XML.您的电话客户端只需获取此页面并手动选择响应即可.

As Matt says, you might be able to code a simple relay on a web server. It doesn't have to be a special service, but maybe just a web page that does the call for you and spits out RAW text or XML. Your phone client just GETs this page and picks through the response manually.

有志者事竟成.

卢克

这篇关于使用不受信任的证书制作WP7 HttWebRequest POST?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！