1. 技术文章
  2. Is it possible to force the WCF test client to accept a self-signed certificate?

Is it possible to force the WCF test client to accept a self-signed certificate?

江枫思渺然 提交于 2019-12-29 18:49:13

问题


I have a WCF web service running in IIS 7 using a self-signed certificate (it's a proof of concept to make sure this is the route I want to go). It's required to use SSL.

Is it possible to use the WCF Test Client to debug this service without needing a non-self-signed certificate?

When I try I get this error:

Error: Cannot obtain Metadata from https:///Service1.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: https:///Service1.svc Metadata contains a reference that cannot be resolved: 'https:///Service1.svc'. Could not establish trust relationship for the SSL/TLS secure channel with authority ''. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.HTTP GET Error URI: https:///Service1.svc There was an error downloading 'https:///Service1.svc'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.

EDIT: This question is specifically about using the WCF Test Client to test a web service already secured via SSL using a self-signed certificate. The server is already set up to accept any certificate provided, it's the WCF Test Client I don't see a way to do this for.


回答1:


You can create a non self-signed certificate in development area and then use this certificate in IIS for applying the SSL. The steps are:

  1. Create self-signed certificate

    makecert -r -pe -n "CN=My Root Authority" -a sha1 -sky signature 
    -ss CA -sr CurrentUser  
    -cy authority 
    -sv CA.pvk CA.cer

  2. Create a non self-signed certificate for SSL which signed by this root certificate and then create pfx-file from that

    makecert -pe -n "CN=servername" -a sha1 -sky exchange
    -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk
    -sp "Microsoft RSA SChannel Cryptographic Provider"
    -sy 12 -sv server.pvk server.cer

pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

now you just need to import the server.pfx into the IIS and setup the web site binding to use this certificate and also install the CA.cer in Local Computer \ Trusted Root Certification Authorities store in both server and client by doing this WCF client would work with the service through HTTPS without any problem.




回答2:


you should be able to do this if you replace the WCF Test Client with WCFStorm Lite Edition. It's free and is quite a bit more flexible than MS's test client... for example, it'll let you specify a user name & password if you're doing username authentication.




回答3:


The answer from this question helped in my case. Be sure to use exact machine name as certificate expects. For exampe machine/service.svc may not work, while machine.domain/service.svc - works.




回答4:


To answer your question... here is how you force your WCF test client to accept a self-signed certificate...

        using (ServiceReference1.Service1Client proxy = new ServiceReference1.Service1Client())
        {
            System.Net.Security.RemoteCertificateValidationCallback callBack = (sender, certificate, chain, sslPolicyErrors) => true;
            ServicePointManager.ServerCertificateValidationCallback += callBack;

            Console.WriteLine(proxy.GetData(35));

            ServicePointManager.ServerCertificateValidationCallback -= callBack;
        }



回答5:


Yes it is possible.

Just download the generated WSDL from the service (https://localhost/Service1.svc?singleWsdl) and supply the path to this file when adding a service in the WCF Test Client.




回答6:


You can supply your own method to validate the certificate.

Try this:

ServicePointManager.ServerCertificateValidationCallback +=
            new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

The call back:

bool EasyCertCheck(object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
    return true;
}


来源:https://stackoverflow.com/questions/2792539/is-it-possible-to-force-the-wcf-test-client-to-accept-a-self-signed-certificate

标签
wcf
ssl
ssl-certificate
self-signed
wcftestclient
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!