在 wcf 的客户端禁用证书验证
Disable certification validation on client side of wcf
我在 IIS 中有 2 个应用程序 运行 - 客户端和服务。服务 运行 很好,但客户不是。
他们通过 WCF 相互交谈,消息安全性基于证书进行中继(这不是传输安全性,它只是消息安全性)。两者都使用自签名证书。
但客户端最终出现错误:
System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate ... is not in the trusted people store. The X.509 certificate ... chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
我知道如何在服务端禁用证书验证并且我做到了,但是如何在客户端禁用 CA 验证?
如果您正在从客户端应用程序向服务器发出请求,请在发出服务请求之前调用以下行以避免进行认证检查。
使用此代码将绕过由于自签名证书导致的 SSL 验证错误。
System.Net.ServicePointManager.ServerCertificateValidationCallback =
delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{ return true; };
Note: Use this for testing purpose only, for actual application use a valid SSL certificate.
sudhAnsu63 提供的解决方案应该适合您。
或者,由于您使用的是 Message 安全性,您可以将其添加到客户端配置文件中:
<serviceCertificate>
<authentication certificateValidationMode="None" />
</serviceCertificate>
如果将自签名证书放在"trusted root Certification Authorities"中,可以避免证书错误。
在代码中使用这个:
using System.ServiceModel; // (to ChannelFactory)
using System.IdentityModel;
ConfigChannel = new ChannelFactory<xxxxxx>(binding, endPoint);
ConfigChannel.Credentials.UserName.UserName = _userName;
ConfigChannel.Credentials.UserName.Password = _password;
ConfigChannel.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
我在 IIS 中有 2 个应用程序 运行 - 客户端和服务。服务 运行 很好,但客户不是。
他们通过 WCF 相互交谈,消息安全性基于证书进行中继(这不是传输安全性,它只是消息安全性)。两者都使用自签名证书。
但客户端最终出现错误:
System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate ... is not in the trusted people store. The X.509 certificate ... chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
我知道如何在服务端禁用证书验证并且我做到了,但是如何在客户端禁用 CA 验证?
如果您正在从客户端应用程序向服务器发出请求,请在发出服务请求之前调用以下行以避免进行认证检查。
使用此代码将绕过由于自签名证书导致的 SSL 验证错误。
System.Net.ServicePointManager.ServerCertificateValidationCallback =
delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{ return true; };
Note: Use this for testing purpose only, for actual application use a valid SSL certificate.
sudhAnsu63 提供的解决方案应该适合您。
或者,由于您使用的是 Message 安全性,您可以将其添加到客户端配置文件中:
<serviceCertificate>
<authentication certificateValidationMode="None" />
</serviceCertificate>
如果将自签名证书放在"trusted root Certification Authorities"中,可以避免证书错误。
在代码中使用这个:
using System.ServiceModel; // (to ChannelFactory)
using System.IdentityModel;
ConfigChannel = new ChannelFactory<xxxxxx>(binding, endPoint);
ConfigChannel.Credentials.UserName.UserName = _userName;
ConfigChannel.Credentials.UserName.Password = _password;
ConfigChannel.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;