I'm trying to bypass HTTPS certificate validation only for our own testing environment (multiple machines), while keeping certificate validation for all the other connections.
From reading online, most (if not all) WCF-related suggestions seem to point to something similar to the following:
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
However, this is a global setting and I would like to apply this for only a specific connection. Is this even possible/supported usage scenario?
I was finally able to find a real solution when using .NET 4.5.
This code allows you to use a custom validator only for a specific WCF client.
It has been tested against BasicHttpBinding with BasicHttpSecurityMode.Transport.
There is a new property named SslCertificateAuthentication in ClientBase.ClientCredentials.ServiceCertificate.
You can initialize this property with a X509ServiceCertificateAuthentication where you can provide a custom X509CertificateValidator.
For example:
using System.IdentityModel.Selectors;                 // X509CertificateValidator
using System.IdentityModel.Tokens;                    // SecurityTokenValidationException
using System.Security.Cryptography.X509Certificates;  // X509Certificate2
using System.ServiceModel.Security;                   // X509ServiceCertificateAuthentication, X509CertificateValidationMode

// initialize the ssl certificate authentication for this one client only
// ('client' is your ClientBase-derived proxy; 'serverCert' is the X509Certificate2 you expect the test server to present)
client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication()
{
    CertificateValidationMode = X509CertificateValidationMode.Custom,
    CustomCertificateValidator = new CustomValidator(serverCert)
};

// simple custom validator, only valid against a specific thumbprint
class CustomValidator : X509CertificateValidator
{
    private readonly X509Certificate2 knownCertificate;

    public CustomValidator(X509Certificate2 knownCertificate)
    {
        this.knownCertificate = knownCertificate;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        // reject anything that is not exactly the pinned certificate
        if (this.knownCertificate.Thumbprint != certificate.Thumbprint)
        {
            throw new SecurityTokenValidationException("Unknown certificate");
        }
    }
}
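The question mentions several test machines rather than one certificate, so here is an added example (my code, not the answerer's) that extends the per-client approach above: a validator that accepts any certificate whose thumbprint is in a pinned set, and otherwise falls back to the ordinary chain-trust check, so a client configured with it still rejects untrusted certificates from hosts that are not in the list. The wiring uses ChannelFactory<TChannel>, whose Credentials property is the same ClientCredentials object that ClientBase exposes. The thumbprints and the IMyService contract are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical validator: a certificate is accepted if its thumbprint is pinned (our test machines);
// anything else must chain to a trusted root, exactly as WCF's default ChainTrust mode requires.
class PinnedOrChainTrustValidator : X509CertificateValidator
{
    private readonly HashSet<string> pinnedThumbprints;

    public PinnedOrChainTrustValidator(IEnumerable<string> thumbprints)
    {
        // Thumbprint is a hex string; normalise case and strip spaces so "ab 12" matches "AB12".
        pinnedThumbprints = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (var t in thumbprints)
        {
            pinnedThumbprints.Add(t.Replace(" ", string.Empty));
        }
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
        {
            throw new SecurityTokenValidationException("No certificate presented");
        }

        if (pinnedThumbprints.Contains(certificate.Thumbprint))
        {
            return; // pinned test-environment certificate: accepted even if self-signed
        }

        // Not one of ours: fall back to normal chain validation (throws if the chain does not build).
        X509CertificateValidator.ChainTrust.Validate(certificate);
    }
}

static class TestEnvironmentChannels
{
    // Placeholder values: replace with the actual thumbprints of the test machines' certificates.
    static readonly string[] TestThumbprints =
    {
        "0000000000000000000000000000000000000000",
        "1111111111111111111111111111111111111111",
    };

    // Builds a factory whose channels pin the test certificates; factories built elsewhere keep default validation.
    public static ChannelFactory<TChannel> CreateTestFactory<TChannel>(string address)
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        var factory = new ChannelFactory<TChannel>(binding, new EndpointAddress(address));

        // Must be set before the factory is opened / the first channel is created.
        factory.Credentials.ServiceCertificate.SslCertificateAuthentication =
            new X509ServiceCertificateAuthentication
            {
                CertificateValidationMode = X509CertificateValidationMode.Custom,
                CustomCertificateValidator = new PinnedOrChainTrustValidator(TestThumbprints)
            };

        return factory;
    }
}

// Placeholder contract standing in for your real service interface.
[ServiceContract]
interface IMyService
{
    [OperationContract]
    string Ping();
}

static class Program
{
    static void Main()
    {
        var factory = TestEnvironmentChannels.CreateTestFactory<IMyService>("https://test-host-1.example/service.svc");
        IMyService proxy = factory.CreateChannel();
        Console.WriteLine(proxy.Ping());
        ((IClientChannel)proxy).Close();
        factory.Close();
    }
}
```

Because the validator is attached to one factory's credentials rather than to ServicePointManager, other HTTPS clients in the same process are untouched, and even this client still performs chain validation for any host outside the pinned set.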