0

我在我的项目中添加了 WCF 连接服务引用并设置ServicePointManager.ServerCertificateValidationCallback功能。由于某种原因,当我请求服务器时,此回调函数被忽略。如果用户确认,我必须通知用户证书问题并继续请求。

static async Task Main(string[] args)
{
    ServicePointManager.ServerCertificateValidationCallback = MyServerCertificateValidationCallback;
    var data = new DataSoapClient(DataSoapClient.EndpointConfiguration.DataSoap);
    data.Endpoint.Address = new EndpointAddress("https://open.helios.eu/demo/Data.asmx");
    (data.Endpoint.Binding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.Transport;
    var result = (await data.GetInfoAsync("GETREDIRECTINFO", string.Empty)).Body.GetInfoResult;
    Console.WriteLine(result);
}

private static bool MyServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // function won't execute
    return true;
}
4

2 回答 2

2

最后我找到了解决我的问题的方法。正如 Abraham Quan 所提到的,回调在 .net 核心中不起作用,所以我不得不使用不同的方法并使用 X509CertificateValidator。这是一个代码片段:

        static async Task Main(string[] args)
        {
            var data = new ServiceReference1.Service1Client(Service1Client.EndpointConfiguration.BasicHttpsBinding_IService1);
            data.Endpoint.Address = new EndpointAddress("https://localhost:5035/Service1.svc");
            (data.Endpoint.Binding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.Transport;

            data.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication();
            data.ClientCredentials.ServiceCertificate.SslCertificateAuthentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
            data.ClientCredentials.ServiceCertificate.SslCertificateAuthentication.CustomCertificateValidator = new Validator();

            var result = await data.GetDataAsync(1);
            Console.WriteLine(result);
        }

并且有验证器:

    internal class Validator : X509CertificateValidator
    {
        public override void Validate(X509Certificate2 certificate)
        {
            X509Chain chain = new X509Chain();
            if (!chain.Build(certificate))
            {
                Console.WriteLine($"{chain.ChainStatus.FirstOrDefault().StatusInformation}. Press y to proceed...");
                if(Console.ReadKey().KeyChar != 'y')
                    throw new SecurityTokenValidationException("Service certification is not valid.");
            }
        }
    }
于 2019-10-10T08:47:26.033 回答
0 
ServicePointManager.ServerCertificateValidationCallback += delegate
            {
                return true;
            };

此代码片段在 Dotnetframework 项目中有效,在 Dotnet Core 项目中无效。一般在保证证书可信的情况下,我们应该将服务器提供的证书安装到客户端的Root CA证书库中。 此外,以下代码段适用于 DotNet Core 项目和 Dotnetframework 项目。
在此处输入图像描述

ServiceReference1.TestServiceClient client = new ServiceReference1.TestServiceClient();
        client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new System.ServiceModel.Security.X509ServiceCertificateAuthentication
        {
            CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None,
            RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
        };

如果问题仍然存在,请随时告诉我。

于 2019-10-10T03:23:41.297 回答