如何使用WCF服务暂时停止证书错误 [英] How to stop certificate errors temporarily with WCF services
问题描述
我正在测试所创建的WCF Web服务的早期版本。在客户端上,当我使用VS来添加服务引用时,一切正常。
I am testing an early release of a WCF web service I have created. On the client side when I use VS to 'add service reference' that all works.
但是当我尝试使用该服务时,我得到了错误提示,
But when I try to use the service I get the error,
Could not establish trust relationship for the SSL/TLS secure
channel with authority **
其中星号表示服务器的IP地址。
Where the stars represent the IP address of the server.
服务器上始终有一个安全证书,但它是为测试而自行生成的,因此我暂时不担心证书错误。
Anyway on the server there is a security certificate but it has been self generated just for testing, so I am not concerned about certificate errors for the moment.
在客户端为我生成了一个app.config
On the client side an app.config has been generated for me,
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="BindingName" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="***************"
binding="wsHttpBinding" bindingConfiguration="BindingName"
contract="***************" name="BindingName">
<identity>
<servicePrincipalName value="***************" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
那么我需要更改哪些设置以暂时忽略证书错误?
So what settings do I need to change to temporarily ignore certificate errors?
推荐答案
设置CertificatePolicy PRIOR优先于在客户端上初始化WCF服务。方法如下(只需调用一次SetCertificatePolicy()方法)
Set the CertificatePolicy PRIOR to initializing your WCF service on the client. Here's how (just make a call to the SetCertificatePolicy() method once)
/// <summary>
/// Sets the cert policy.
/// </summary>
private static void SetCertificatePolicy()
{
ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
}
/// <summary>
/// Certificate validation callback
/// </summary>
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
if (error == SslPolicyErrors.None)
{
return true; // already determined to be valid
}
switch (cert.GetCertHashString())
{
// thumbprints/hashes of allowed certificates (uppercase)
case "066CF9CAD814DE2097D368F22D3A7D398B87C4D6":
case "5B82C96685E3A20079B8CE7AFA32554D55DB9611":
Debug.WriteLine("Trusting X509Certificate '" + cert.Subject + "'");
return true;
default:
return false;
}
}
这篇关于如何使用WCF服务暂时停止证书错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!