Fatal编程技术网
  • vb.net/
  • Vb.net .net WebService,绕过ssl验证!

Vb.net .net WebService,绕过ssl验证!

vb.net web-services ssl

Vb.net .net WebService,绕过ssl验证!,vb.net,web-services,ssl,Vb.net,Web Services,Ssl,嗯,我正在使用一个证书未100%正确设置的Web服务。证书是为域*.domain1.com设置的,api位于soap.shop.domain1.com/soap。现在我无法连接到此Web服务,因为我收到一个WebException“无法为SSL/TLS安全通道建立trush关系。--> 根据验证过程,远程证书无效 现在我的问题是,有没有办法绕过此检查?我使用的是正常的Web引用(2.0)而不是服务引用。您需要处理验证证书的事件,并将其设置为始终返回true。有关详细信息,请参阅以下文章: 是的,

嗯,我正在使用一个证书未100%正确设置的Web服务。证书是为域*.domain1.com设置的,api位于soap.shop.domain1.com/soap。现在我无法连接到此Web服务,因为我收到一个WebException“无法为SSL/TLS安全通道建立trush关系。--> 根据验证过程,远程证书无效

现在我的问题是,有没有办法绕过此检查?我使用的是正常的Web引用(2.0)而不是服务引用。

您需要处理验证证书的事件,并将其设置为始终返回true。有关详细信息,请参阅以下文章:

是的,您可以使用以下命令让ASP.NET忽略证书警告:

using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

namespace YourNamespace
    public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
    {
        public TrustAllCertificatePolicy() {}

        public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,WebRequest req, int problem)
        {
            return true;
        }
    }
}
对于那些无法确定从何处开始回答这个问题的人来说,这可能并不明显。上面的海报是正确的,但在如何处理给定的代码方面并不明显

假设您在某个地方有一个类需要使用证书调用web服务

以下是我完成的解决方案:

public class MyClass
{

    public  bool TrustAllCertificatesCallback(object sender, X509Certificate cert,
                                                X509Chain chain, SslPolicyErrors errors)
    {
        return true;
    }

    public string CallSomeWebService(string someParam)
    {
        try
        { 
            ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificatesCallback;


            RemoteWebService ws = new RemoteWebService();

            //add the client cert to the web service call.
            ws.ClientCertificates.Add(GetMyCert());

            //call the web service
            string response = ws.SomeMethod(someParam);

            return response.ToString();
        }
        catch (Exception ex)
        {throw;}
    }

    public X509Certificate GetMyCert()
    {
        try
        {
            string certPath = @"C:\MyCerts\MyCert.cer";
            var cert = X509Certificate.CreateFromCertFile(certPath);
            return cert;
        }
        catch (Exception ex)
        {throw;}
    }
}
选择你喜欢的口味

lambda表达式

            //Trust all certificates
            System.Net.ServicePointManager.ServerCertificateValidationCallback =
                ((sender, certificate, chain, sslPolicyErrors) => true);

            // trust sender (more secure)
            System.Net.ServicePointManager.ServerCertificateValidationCallback
                = ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));
或纯clode(更适合测试)

这是伟大的,我喜欢“更安全”的选择,以及排序检查证书可能是远程关闭! 
            //Trust all certificates
            System.Net.ServicePointManager.ServerCertificateValidationCallback =
                ((sender, certificate, chain, sslPolicyErrors) => true);

            // trust sender (more secure)
            System.Net.ServicePointManager.ServerCertificateValidationCallback
                = ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));

            // validate cert
            // allows for validation of SSL conversations
            ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);

    // callback used to validate the certificate in an SSL conversation
    private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)
    {
        bool result = false;
        if (cert.Subject.ToUpper().Contains("YourServerName"))
        {
            result = true;
        }

        return result;
    }