I'm trying to access a web service that requires a certificate they issued themselves, and I'm getting errors during validation.

    using System;
    using System.IdentityModel.Selectors;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    public class ServiceAccess
    {
        BasicHttpsBinding _binding;
        EndpointAddress _address;
        X509Certificate2 _certificate;

        public ServiceAccess() //Constructor
        {
            _binding = new BasicHttpsBinding(BasicHttpsSecurityMode.TransportWithCredential);
            //With Credential because I've read on many tutorials that if I don't use this mode,
            //IIS will validate the certificate first and fail without ever calling my custom validator
            _certificate = new X509Certificate2(); //I don't know why 2 except for the identity code below
            Byte[] bytes = Loader.EmbeddedResources.ToByteArray("Namespace.Project.certificate.crt");
            _certificate.Import(bytes);
            EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(_certificate);
            _address = new EndpointAddress(new Uri("https://www.service.com/secure"), identity);
        }

        public void Start()
        {
            ServiceClient client = new ServiceClient(_binding, _address);
            client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
            client.ClientCredentials.ServiceCertificate.Authentication.CustomCertificateValidator = new CustomCertificateValidator();
            client.ClientCredentials.ClientCertificate.Certificate = _certificate; //why do I need to set this certificate again if I already defined it in the endpointAddress?
            try
            {
                client.DoSomething();
            }
            catch (Exception ex)
            {
                //Error establishing a secure connection
                //Error the certificate doesn't have a private key
            }
        }
    }

My custom validator:

    public class CustomCertificateValidator : X509CertificateValidator
    {
        public override void Validate(X509Certificate2 certificate)
        {
            //This never gets called
            throw new Exception("Custom Validator Called!");
        }
    }

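Since the certificate is issued by them themselves, I want to add a custom validator for debugging and have it skip whatever is causing the validation error while keeping everything else. How can I do that?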
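
One way to skip only the untrusted-issuer failure while keeping the other checks, shown as an added example that is not part of the original question. It assumes a .NET Framework client whose HTTPS handshake is validated through `ServicePointManager.ServerCertificateValidationCallback` (a process-wide setting); the class name `PinnedServerCertificate` and its methods are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: accepts the service's self-issued certificate only when it is
// byte-for-byte the certificate shipped with the client. Everything else stays on.
public static class PinnedServerCertificate
{
    // 'pinned' is the public certificate (.crt) embedded in the client, as in the question.
    public static void Install(X509Certificate2 pinned)
    {
        // Process-wide hook: it affects every HTTPS request made by this process.
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) => IsAcceptable(cert, pinned, errors, DateTime.UtcNow);
    }

    public static bool IsAcceptable(X509Certificate presented, X509Certificate2 pinned,
                                    SslPolicyErrors errors, DateTime utcNow)
    {
        if (errors == SslPolicyErrors.None)
            return true;                   // normal validation already passed
        if (presented == null)
            return false;                  // server sent no certificate

        // Tolerate only a chain error (untrusted issuer). A host-name mismatch,
        // alone or combined with a chain error, is still rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        var actual = new X509Certificate2(presented);

        // Compare the full DER encoding, not subject or issuer strings, which
        // anyone can copy into a different self-signed certificate.
        bool isPinned = actual.RawData.SequenceEqual(pinned.RawData);

        // The validity period is still enforced for the pinned certificate.
        bool inValidityPeriod = utcNow >= actual.NotBefore.ToUniversalTime()
                             && utcNow <= actual.NotAfter.ToUniversalTime();

        return isPinned && inValidityPeriod;
    }
}
```

Call `PinnedServerCertificate.Install(_certificate)` once before creating the client; when the service rotates its certificate, the embedded `.crt` has to be updated with it.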