如何使用WCF服务暂时停止证书错误 [英] How to stop certificate errors temporarily with WCF services

问题描述

我正在测试所创建的WCF Web服务的早期版本。在客户端上，当我使用VS来添加服务引用时，一切正常。

I am testing an early release of a WCF web service I have created. On the client side when I use VS to 'add service reference' that all works.

但是当我尝试使用该服务时，我得到了错误提示，

But when I try to use the service I get the error,

Could not establish trust relationship for the SSL/TLS secure
channel with authority **

其中星号表示服务器的IP地址。

Where the stars represent the IP address of the server.

服务器上始终有一个安全证书，但它是为测试而自行生成的，因此我暂时不担心证书错误。

Anyway on the server there is a security certificate but it has been self generated just for testing, so I am not concerned about certificate errors for the moment.

在客户端为我生成了一个app.config

On the client side an app.config has been generated for me,

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <wsHttpBinding>
                <binding name="BindingName" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                    allowCookies="false">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Transport">
                        <transport clientCredentialType="Windows" proxyCredentialType="None"
                            realm="" />
                        <message clientCredentialType="Windows" negotiateServiceCredential="true" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <client>
            <endpoint address="***************"
                binding="wsHttpBinding" bindingConfiguration="BindingName"
                contract="***************" name="BindingName">
                <identity>
                    <servicePrincipalName value="***************" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

那么我需要更改哪些设置以暂时忽略证书错误？

So what settings do I need to change to temporarily ignore certificate errors?

推荐答案

设置CertificatePolicy PRIOR优先于在客户端上初始化WCF服务。方法如下（只需调用一次SetCertificatePolicy（）方法）

Set the CertificatePolicy PRIOR to initializing your WCF service on the client. Here's how (just make a call to the SetCertificatePolicy() method once)

 /// <summary>
    /// Sets the cert policy.
    /// </summary>
    private static void SetCertificatePolicy()
    {
        ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
    }

    /// <summary>
    /// Certificate validation callback 
    /// </summary>
    private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (error == SslPolicyErrors.None)
        {
           return true;   // already determined to be valid
        }

        switch (cert.GetCertHashString())
        {
           // thumbprints/hashes of allowed certificates (uppercase)
           case "066CF9CAD814DE2097D368F22D3A7D398B87C4D6":
           case "5B82C96685E3A20079B8CE7AFA32554D55DB9611":

              Debug.WriteLine("Trusting X509Certificate '" + cert.Subject + "'");
              return true;

           default:
              return false;
        }
    }

这篇关于如何使用WCF服务暂时停止证书错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！