是否可以强制 WCF 测试客户端接受自签名证书?

发布于 2024-09-01 07:03:08 字数 905 浏览 14 评论 0原文

我有一个使用自签名证书在 IIS 7 中运行的 WCF Web 服务(这是一个概念证明,以确保这是我想要走的路线)。需要使用 SSL。

是否可以使用 WCF 测试客户端来调试此服务,而无需非自签名证书?

当我尝试时出现此错误:

错误:无法从中获取元数据 https:///Service1.svc 如果这是 Windows (R) 通信 您拥有的基金会服务 访问权限,请检查您是否拥有 启用元数据发布 指定地址。如需帮助启用 元数据发布,请参考 MSDN 文档位于 http://go.microsoft.com/fwlink/?LinkId=65455.WS -元数据 交换错误 URI: https:///Service1.svc 元数据包含一个参考 无法解决: 'https:///Service1.svc'。 无法建立信任关系 对于 SSL/TLS 安全通道 权威 ''。这 底层连接已关闭: 无法建立信任关系 用于 SSL/TLS 安全通道。这 远程证书无效 根据验证 procedure.HTTP GET 错误 URI: https:///Service1.svc 下载时出现错误 'https:///Service1.svc'。 底层连接已关闭: 无法建立信任关系 用于 SSL/TLS 安全通道。这 远程证书无效 根据验证程序。

编辑:这个问题具体是关于使用 WCF 测试客户端 来测试已使用自签名证书通过 SSL 保护的 Web 服务。服务器已设置为接受提供的任何证书,这是 WCF 测试客户端,我看不到执行此操作的方法。

I have a WCF web service running in IIS 7 using a self-signed certificate (it's a proof of concept to make sure this is the route I want to go). It's required to use SSL.

Is it possible to use the WCF Test Client to debug this service without needing a non-self-signed certificate?

When I try I get this error:

Error: Cannot obtain Metadata from
https:///Service1.svc
If this is a Windows (R) Communication
Foundation service to which you have
access, please check that you have
enabled metadata publishing at the
specified address. For help enabling
metadata publishing, please refer to
the MSDN documentation at
http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata
Exchange Error URI:
https:///Service1.svc
Metadata contains a reference that
cannot be resolved:
'https:///Service1.svc'.
Could not establish trust relationship
for the SSL/TLS secure channel with
authority ''. The
underlying connection was closed:
Could not establish trust relationship
for the SSL/TLS secure channel. The
remote certificate is invalid
according to the validation
procedure.HTTP GET Error URI:
https:///Service1.svc
There was an error downloading
'https:///Service1.svc'.
The underlying connection was closed:
Could not establish trust relationship
for the SSL/TLS secure channel. The
remote certificate is invalid
according to the validation procedure.

EDIT: This question is specifically about using the WCF Test Client to test a web service already secured via SSL using a self-signed certificate. The server is already set up to accept any certificate provided, it's the WCF Test Client I don't see a way to do this for.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

甜扑 2024-09-08 07:03:08

您可以在开发区域创建一个非自签名证书,然后在 IIS 中使用该证书来应用 SSL。步骤是:

  1. 创建自签名证书

    makecert -r -pe -n "CN=我的根权限" -a sha1 -sky 签名 
        -ss CA -sr 当前用户  
        -cy权威 
        -sv CA.pvk CA.cer
  2. 为 SSL 创建一个由该根证书签名的非自签名证书,然后从中创建 pfx 文件

    makecert -pe -n "CN=服务器名称" -a sha1 -sky 交换
        -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk
        -sp“Microsoft RSA SChannel 加密提供程序”
        -sy 12 -sv 服务器.pvk 服务器.cer
    
    pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

现在您只需导入server.pfx 进入 IIS 并设置网站绑定以使用此证书,并在 本地计算机 \ 中安装 CA.cer >受信任的根证书颁发机构存储在服务器和客户端中,通过执行此操作,WCF 客户端将通过 HTTPS 使用服务,不会出现任何问题。

You can create a non self-signed certificate in development area and then use this certificate in IIS for applying the SSL. The steps are:

  1. Create self-signed certificate

    makecert -r -pe -n "CN=My Root Authority" -a sha1 -sky signature 
        -ss CA -sr CurrentUser  
        -cy authority 
        -sv CA.pvk CA.cer
  2. Create a non self-signed certificate for SSL which signed by this root certificate and then create pfx-file from that

    makecert -pe -n "CN=servername" -a sha1 -sky exchange
        -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk
        -sp "Microsoft RSA SChannel Cryptographic Provider"
        -sy 12 -sv server.pvk server.cer
    
    pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

now you just need to import the server.pfx into the IIS and setup the web site binding to use this certificate and also install the CA.cer in Local Computer \ Trusted Root Certification Authorities store in both server and client by doing this WCF client would work with the service through HTTPS without any problem.

爱要勇敢去追 2024-09-08 07:03:08

you should be able to do this if you replace the WCF Test Client with WCFStorm Lite Edition. It's free and is quite a bit more flexible than MS's test client... for example, it'll let you specify a user name & password if you're doing username authentication.

月下客 2024-09-08 07:03:08

这个问题的答案有帮助就我而言。请务必使用证书所期望的准确机器名称。例如,machine/service.svc 可能无法工作,而 machine.domain/service.svc - 可以工作。

The answer from this question helped in my case. Be sure to use exact machine name as certificate expects. For exampe machine/service.svc may not work, while machine.domain/service.svc - works.

演多会厌 2024-09-08 07:03:08

要回答您的问题...以下是如何强制 WCF 测试客户端接受自签名证书...

        using (ServiceReference1.Service1Client proxy = new ServiceReference1.Service1Client())
        {
            System.Net.Security.RemoteCertificateValidationCallback callBack = (sender, certificate, chain, sslPolicyErrors) => true;
            ServicePointManager.ServerCertificateValidationCallback += callBack;

            Console.WriteLine(proxy.GetData(35));

            ServicePointManager.ServerCertificateValidationCallback -= callBack;
        }

To answer your question... here is how you force your WCF test client to accept a self-signed certificate...

        using (ServiceReference1.Service1Client proxy = new ServiceReference1.Service1Client())
        {
            System.Net.Security.RemoteCertificateValidationCallback callBack = (sender, certificate, chain, sslPolicyErrors) => true;
            ServicePointManager.ServerCertificateValidationCallback += callBack;

            Console.WriteLine(proxy.GetData(35));

            ServicePointManager.ServerCertificateValidationCallback -= callBack;
        }
高冷爸爸 2024-09-08 07:03:08

是的,这是可能的。

只需从服务下载生成的 WSDL (https://localhost/Service1.svc?singleWsdl) 并在 WCF 测试客户端中添加服务时提供此文件的路径。

Yes it is possible.

Just download the generated WSDL from the service (https://localhost/Service1.svc?singleWsdl) and supply the path to this file when adding a service in the WCF Test Client.

拍不死你 2024-09-08 07:03:08

在 IIS 中将 https 绑定添加到我的网站并选择 IIS Express 开发证书后,我遇到了同样的问题。

事实证明,要使 https 正常工作,我还必须输入绑定的主机名。就我而言,localhost

编辑站点绑定

I had the same issue after adding a https binding to my site in IIS and choosing the IIS Express Development Certificate.

It turned out that for https to work I also had to input the host name for the binding. In my case localhost.

Edit Site Binding

爱情眠于流年 2024-09-08 07:03:08

您可以提供自己的方法来验证证书。

试试这个:

ServicePointManager.ServerCertificateValidationCallback +=
            new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

回电:

bool EasyCertCheck(object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
    return true;
}

You can supply your own method to validate the certificate.

Try this:

ServicePointManager.ServerCertificateValidationCallback +=
            new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

The call back:

bool EasyCertCheck(object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
    return true;
}
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文