Tutorial :.net WebService, bypass ssl validation!



Question:

Well im working agains a webservice that has a certificate that is not 100% correctly setup the certificate is setup for the domain *.domain1.com and the api is located at soap.shop.domain1.com/SOAP now i cant connect to this webservice as i then get a WebException "Could Not establish trush relationship for the SSL/TLS secure channel. --> The remote certificate is invalid according to the validation procedure.

Now my question is there any way to bypass this check i use a normal Web Reference (2.0) not a Service Reference..


Solution:1

Yes, you can use the following to have ASP.NET ignore the certificate warnings:

using System;  using System.Net;  using System.Security.Cryptography.X509Certificates;    namespace YourNamespace      public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy      {          public TrustAllCertificatePolicy() {}            public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,WebRequest req, int problem)          {              return true;          }      }  }  


Solution:2

For those who can't determine where to start with this answer, it may not be obvious. The posters above are getting it right, but it wasn't apparent upfront on what to do with the given code.

Let's say you have a class somewhere that needs to call a web service with a certificate.

Here's my finished solution:

public class MyClass  {        public  bool TrustAllCertificatesCallback(object sender, X509Certificate cert,                                                  X509Chain chain, SslPolicyErrors errors)      {          return true;      }        public string CallSomeWebService(string someParam)      {          try          {               ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificatesCallback;                  RemoteWebService ws = new RemoteWebService();                //add the client cert to the web service call.              ws.ClientCertificates.Add(GetMyCert());                //call the web service              string response = ws.SomeMethod(someParam);                return response.ToString();          }          catch (Exception ex)          {throw;}      }        public X509Certificate GetMyCert()      {          try          {              string certPath = @"C:\MyCerts\MyCert.cer";              var cert = X509Certificate.CreateFromCertFile(certPath);              return cert;          }          catch (Exception ex)          {throw;}      }  }  


Solution:3

System.Net.ServicePointManager.ServerCertificateValidationCallback = _     Function(a, b, c, d) True  


Solution:4

pick you flavor..

lambda expresions

            //Trust all certificates              System.Net.ServicePointManager.ServerCertificateValidationCallback =                  ((sender, certificate, chain, sslPolicyErrors) => true);                // trust sender (more secure)              System.Net.ServicePointManager.ServerCertificateValidationCallback                  = ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));  

or plain clode (better for testing)

            // validate cert              // allows for validation of SSL conversations              ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);        // callback used to validate the certificate in an SSL conversation      private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)      {          bool result = false;          if (cert.Subject.ToUpper().Contains("YourServerName"))          {              result = true;          }            return result;      }  


Solution:5

You need to handle the event that validates the certificate and just set it to always return true. See the following post for details:

http://8r13n.wordpress.com/2007/07/24/bypassing-certificate-validation-in-net/


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »