[我正在构建.NET Core 3.1应用程序,试图通过HTTPS调用WCF服务并暂时禁用服务器证书的SSL身份验证。
有一个明确记录的方法可以实现这一目标。即,通过在ServiceCertificate.SslCertificateAuthentication
类上设置ChannelFactory
属性。
下面是用于设置het绑定,端点和ClientCredentials的代码。
var endpointAddress = new EndpointAddress("https://*.com");
var binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport = new HttpTransportSecurity()
{
ClientCredentialType = HttpClientCredentialType.None
};
var factory = new ChannelFactory<IService>(binding, endpointAddress);
factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication()
{
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck
};
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
var client = factory.CreateChannel();
client.Call();
但是,当我运行此代码时,我收到异常链:
我希望WCF客户端跳过SSL身份验证。
我还尝试通过扩展X509CertificateValidator
并以以下方式配置它来使用自定义证书验证器:
factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication()
{
CertificateValidationMode = X509CertificateValidationMode.Custom,
CustomCertificateValidator = new CustomCertificateValidator();
};
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
factory.Credentials.ServiceCertificate.Authentication.CustomCertificateValidator = new CustomCertificateValidator();
正如您可能期望的那样,我收到与以前相同的例外。更糟糕的是,我的CustomCertificate.Validate(..)方法根本没有被调用。
WCF似乎提供了可以进行很多控制的API,但是无论我尝试什么,我的策略/配置似乎都不会受到任何尊重。
这里可能会发生什么?
下面的代码在DotCore项目中要求SSL身份验证时将起作用。
Uri uri = new Uri("https://vabqia969vm:21011");
BasicHttpsBinding binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
ChannelFactory<IService> factory = new ChannelFactory<IService>(binding, new EndpointAddress(uri));
factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new System.ServiceModel.Security.X509ServiceCertificateAuthentication()
{
CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None,
RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
};
//these two lines will not work.
//factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
//factory.Credentials.ServiceCertificate.Authentication.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
var client = factory.CreateChannel();
var result = client.TestAsync();
Console.WriteLine(result.Result);
在我这边,它运作良好。我认为服务器端出了点问题。如您所知,我们应该确保客户端和服务器端之间的绑定类型是一致的。服务器端的详细信息是什么?