Vb.net .net WebService,绕过ssl验证!
嗯,我正在使用一个证书未100%正确设置的Web服务。证书是为域*.domain1.com设置的,api位于soap.shop.domain1.com/soap。现在我无法连接到此Web服务,因为我收到一个WebException“无法为SSL/TLS安全通道建立trush关系。--> 根据验证过程,远程证书无效Vb.net .net WebService,绕过ssl验证!,vb.net,web-services,ssl,Vb.net,Web Services,Ssl,嗯,我正在使用一个证书未100%正确设置的Web服务。证书是为域*.domain1.com设置的,api位于soap.shop.domain1.com/soap。现在我无法连接到此Web服务,因为我收到一个WebException“无法为SSL/TLS安全通道建立trush关系。--> 根据验证过程,远程证书无效 现在我的问题是,有没有办法绕过此检查?我使用的是正常的Web引用(2.0)而不是服务引用。您需要处理验证证书的事件,并将其设置为始终返回true。有关详细信息,请参阅以下文章: 是的,
现在我的问题是,有没有办法绕过此检查?我使用的是正常的Web引用(2.0)而不是服务引用。您需要处理验证证书的事件,并将其设置为始终返回true。有关详细信息,请参阅以下文章:
是的,您可以使用以下命令让ASP.NET忽略证书警告:
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
namespace YourNamespace
public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
public TrustAllCertificatePolicy() {}
public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,WebRequest req, int problem)
{
return true;
}
}
}
对于那些无法确定从何处开始回答这个问题的人来说,这可能并不明显。上面的海报是正确的,但在如何处理给定的代码方面并不明显 假设您在某个地方有一个类需要使用证书调用web服务 以下是我完成的解决方案:
public class MyClass
{
public bool TrustAllCertificatesCallback(object sender, X509Certificate cert,
X509Chain chain, SslPolicyErrors errors)
{
return true;
}
public string CallSomeWebService(string someParam)
{
try
{
ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificatesCallback;
RemoteWebService ws = new RemoteWebService();
//add the client cert to the web service call.
ws.ClientCertificates.Add(GetMyCert());
//call the web service
string response = ws.SomeMethod(someParam);
return response.ToString();
}
catch (Exception ex)
{throw;}
}
public X509Certificate GetMyCert()
{
try
{
string certPath = @"C:\MyCerts\MyCert.cer";
var cert = X509Certificate.CreateFromCertFile(certPath);
return cert;
}
catch (Exception ex)
{throw;}
}
}
选择你喜欢的口味
lambda表达式
//Trust all certificates
System.Net.ServicePointManager.ServerCertificateValidationCallback =
((sender, certificate, chain, sslPolicyErrors) => true);
// trust sender (more secure)
System.Net.ServicePointManager.ServerCertificateValidationCallback
= ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));
或纯clode(更适合测试)
这是伟大的,我喜欢“更安全”的选择,以及排序检查证书可能是远程关闭!
//Trust all certificates
System.Net.ServicePointManager.ServerCertificateValidationCallback =
((sender, certificate, chain, sslPolicyErrors) => true);
// trust sender (more secure)
System.Net.ServicePointManager.ServerCertificateValidationCallback
= ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));
// validate cert
// allows for validation of SSL conversations
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);
// callback used to validate the certificate in an SSL conversation
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)
{
bool result = false;
if (cert.Subject.ToUpper().Contains("YourServerName"))
{
result = true;
}
return result;
}