Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to accept a self-signed SSL certificate in a WCF client?

This may be a stupid question but I just can't find the answer.

What I would like to do: I have a WCF service hosted by IIS. It is working perfectly, I can access the wsdl, I have a self-signed certificate for the server etc. I would like to call this service from a WPF client.

The problem is, since I have a self-signed certificate, I get the following exception when calling the service: Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'.

If I access the site (or the service) from a browser, it is no problem, because the browser warns me about the certificate, and gives me the choice of viewing the page anyway. But the WPF client just throws an exception.

I don't want to completely turn off the authentication process, I simply would like to give the users the option of ignoring this warning (as browsers do).

Can anyone provide some code for this? If you ran into a good, detailed tutorial about this, it would be awesome too. (See, my problem with the tutorials I've found is the lack of details)

like image 492
Tenshiko Avatar asked Feb 12 '11 08:02

Tenshiko


People also ask

How to configure WCF service with SSL certificate?

How to: Configure an IIS-hosted WCF service with SSL 1 Creating a Self-Signed Certificate. Open Internet Information Services Manager (inetmgr.exe), and select your computer name in the left-hand tree view. 2 Add SSL Binding. ... 3 Configure Virtual Directory for SSL. ... 4 Configure WCF Service for HTTP Transport Security. ...

What type of SSL certificate is used for a web server?

In this scenario, the service is hosted under Internet Information Services (IIS) which is configured with Secure Sockets Layer (SSL). The service is configured with an SSL (X.509) certificate to allow clients to verify the identity of the server.

What is a client SSL connection?

client’s SSL connection. be using in a setup where clients talk directly to your application. your server. subcommands and helper script to run as a certificate authority. On the need in the “Certificate Assistant” submenu of the application menu.

How do I create a self signed certificate in Windows 10?

Creating a Self-Signed Certificate Open Internet Information Services Manager (inetmgr.exe), and select your computer name in the left-hand tree view. In the Server Certificates window click the Create Self-Signed Certificate…. Enter a friendly name for the self-signed certificate and click OK.


2 Answers

Here's the minimum amount of code you need to make WCF client accept an arbitrary certificate. This is not secure. Use for testing only. Don't blame me if this code goes berserk and eats your little kitten.

ServicePointManager.ServerCertificateValidationCallback +=
            new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

The call back:

bool EasyCertCheck(object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
    return true;
}

Code shamelessly lifted from the least helpful answer to Is it possible to force the WCF test client to accept a self-signed certificate?

like image 109
user8032 Avatar answered Sep 22 '22 00:09

user8032


You can register the certificate yourself. If load the certificate in the client as well, and then register the it as trusted you shouldn't get that warning.

You need to find a X509CertificateCollection and add the certificate to that collection. I had this kind of problem with a SmtpClient running over Ssl.

By hooking the System.Net.ServicePointManager.ServerCertificateValidationCallback or implementing System.Net.ICertificatePolicy and identify my own installed certificate as valid/trusted (attached to the System.Net.ServicePointManager.CertificatePolicy).

This is not WCF stuff per se, but from what I could tell, this should translate to WCF as well. It all depends what WCF is uses under the hood.

like image 26
John Leidegren Avatar answered Sep 21 '22 00:09

John Leidegren