在.NET調用加了SSL驗證的WebService可讓我費了不少心思。要使用SSL證書加密,必須要根據證書創建X509Certificate實例,添加到WebService實例的ClientCertificates集合屬性中:
string certificateFile = AppDomain.CurrentDomain.BaseDirectory + @"/certificate.cer";
System.Security.Cryptography.X509Certificates.X509Certificate certificate =
System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(certificateFile);
creatinoService.ClientCertificates.Add(certificate);
但是我這裏,調用卻會提示出現:The remote certificate is invalid according to the validation procedure.異常,它的內部異常是WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel。通過網絡資源找到了解決方案:
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class MyPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint
, X509Certificate certificate
, WebRequest request
, int certificateProblem) {
//Return True to force the certificate to be accepted.
return true;
} // end CheckValidationResult
} // class MyPolicy
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
通過上面的代碼,馬上就解決了我的問題。
但是由於是使用.NET 2.0,它會提示你CertificatePolicy 屬性已經過期了,我們可以使用下面的回調方式來替代它:
System.Net.ServicePointManager.ServerCertificateValidationCallback =
new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertificateValidationCallback);
增加一個靜態回調函數:
public static bool RemoteCertificateValidationCallback(
Object sender,
X509Certificate certificate,
X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors
)
{
//Return True to force the certificate to be accepted.
return false;
}
你會發現,這樣同樣也能解決這個問題。
相關文章:
http://blog.joycode.com/mvm/archive/2006/03/25/734...
http://blog.jerrysherman.com/PermaLink,guid,c26899...