开发者

Is it possible to force the WCF test client to accept a self-signed certificate?

I have a WCF web service running in IIS 7 using a self-signed certificate (it's a proof of concept to make sure this is the route I want to go). It's required to use SSL.

Is it possible to use the WCF Test Client to debug this service without needing a non-self-signed certificate?

When I try I get this error:

Error: Cannot obtain Metadata from https:///Service1.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: https:///Service1.svc Metadata contains a reference that cannot be resolved: 'https:///Service1.svc'. Could not establish trust relationship for the SSL/TLS secure channel with authority ''. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.HTTP GET Error URI: https:///Service1.svc Ther开发者_运维百科e was an error downloading 'https:///Service1.svc'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.

EDIT: This question is specifically about using the WCF Test Client to test a web service already secured via SSL using a self-signed certificate. The server is already set up to accept any certificate provided, it's the WCF Test Client I don't see a way to do this for.


You can create a non self-signed certificate in development area and then use this certificate in IIS for applying the SSL. The steps are:

  1. Create self-signed certificate

    makecert -r -pe -n "CN=My Root Authority" -a sha1 -sky signature 
        -ss CA -sr CurrentUser  
        -cy authority 
        -sv CA.pvk CA.cer
  2. Create a non self-signed certificate for SSL which signed by this root certificate and then create pfx-file from that

    makecert -pe -n "CN=servername" -a sha1 -sky exchange
        -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk
        -sp "Microsoft RSA SChannel Cryptographic Provider"
        -sy 12 -sv server.pvk server.cer
    
    pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

now you just need to import the server.pfx into the IIS and setup the web site binding to use this certificate and also install the CA.cer in Local Computer \ Trusted Root Certification Authorities store in both server and client by doing this WCF client would work with the service through HTTPS without any problem.


you should be able to do this if you replace the WCF Test Client with WCFStorm Lite Edition. It's free and is quite a bit more flexible than MS's test client... for example, it'll let you specify a user name & password if you're doing username authentication.


The answer from this question helped in my case. Be sure to use exact machine name as certificate expects. For exampe machine/service.svc may not work, while machine.domain/service.svc - works.


To answer your question... here is how you force your WCF test client to accept a self-signed certificate...

        using (ServiceReference1.Service1Client proxy = new ServiceReference1.Service1Client())
        {
            System.Net.Security.RemoteCertificateValidationCallback callBack = (sender, certificate, chain, sslPolicyErrors) => true;
            ServicePointManager.ServerCertificateValidationCallback += callBack;

            Console.WriteLine(proxy.GetData(35));

            ServicePointManager.ServerCertificateValidationCallback -= callBack;
        }


Yes it is possible.

Just download the generated WSDL from the service (https://localhost/Service1.svc?singleWsdl) and supply the path to this file when adding a service in the WCF Test Client.


You can supply your own method to validate the certificate.

Try this:

ServicePointManager.ServerCertificateValidationCallback +=
            new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

The call back:

bool EasyCertCheck(object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
    return true;
}
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜