使用不受信任的证书进行 WP7 HttWebRequest POST?
我正在开发一个进行 REST 服务调用的 Windows Phone 7 应用程序。托管 Web 服务的第三方在当前环境中具有无效证书。当我在 Firefox 中点击 URL 时,我收到有关证书的警告,并询问我是否要继续。我还使用 Poster FF 扩展来测试通话。如果我首先在 Firefox 中接受无效的证书,它可以与 Poster 一起使用。如果我不这样做,那么海报将不会提出请求。
在我的 WP7 模拟器中,我根本无法发出请求。我在 EndGetResponse 方法中收到 404 错误。我提出了与海报中相同的请求,所以我知道该请求没有任何问题。我已经使用相同的代码成功访问了另一个网络服务(不涉及证书),所以我认为这不是代码。我唯一能想到的是 WP7 不允许请求无效的证书。有没有人有过这种情况的经验?有什么办法解决吗?
有没有办法让我的应用程序接受所有通信,即使存在无效的证书?
I'm working on a Windows Phone 7 application that makes a REST service call. The third party that hosts the web services has an invalid certificate in the current environment. When I hit the URL in Firefox, I get a warning about the cert and I am asked if I want to continue. I'm also using the Poster FF extension to test the call. It works with Poster if I first accept the invalid cert in Firefox. If I don't, then POSTER wont make the request.
In my WP7 Emulator, I can't make the request at all. I get a 404 at the EndGetResponse method. I making the same request as in Poster, so I know there is nothing wrong with the request. I have successfully hit another web service using the same code (no certs involved), so I don't think it's the code. The only thing I can think of is that WP7 doesn't allow requests to an invalid cert. Has anyone had experience with this situation? Is there any way around it?
Is there a way I can tell my app to accept all communication, even if there is an invalid cert?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
遗憾的是,无法在电话上执行此操作。通常,即在桌面上,这行简单的代码将禁用证书检查。
如果您查看手机上的 ServicePointManager,就会发现没有可挂钩的回调。这是一个巨大的痛苦。
您是否考虑过写信给服务所有者并询问他们为什么是不良互联网公民? (本质上,您在这里看到的是正在运行的 Web 安全,无论好坏)
正如 Matt 所说,您也许能够在 Web 服务器上编写简单的中继代码。它不一定是一项特殊服务,但可能只是一个为您进行调用并输出 RAW 文本或 XML 的网页。您的电话客户端只需获取此页面并手动选择响应。
有志者事竟成。
卢克
There is sadly no way to do this on the phone. Ordinarily, i.e. on the desktop this simple line of code will disable certificate checking.
If you look at the ServicePointManager on the phone, there's no callback to hook into. It's a massive pain in the arrrrse.
Have you considered writing to the service owner and asking why they're being bad internet citizens? (essentially, what you're seeing here is web security in action, for better or worse)
As Matt says, you might be able to code a simple relay on a web server. It doesn't have to be a special service, but maybe just a web page that does the call for you and spits out RAW text or XML. Your phone client just GETs this page and picks through the response manually.
Where there's a will there's a way.
Luke
您需要在话机上安装颁发方的根CA证书。
您可以通过将 RootCA 通过电子邮件发送给电话用户来完成此操作。他们单击附件,系统会提示他们询问是否要在手机上安装证书。
完成后,您的请求应该会得到通过。
然而,我不相信有一种方法可以在您的应用程序中以编程方式执行此操作。
You need to install the root CA cert of the issuing party on the phone.
You can do this by emailing the RootCA to the user of the phone. They click on the attachement and it will prompt them to ask if they want to install the certificate on the phone.
Once you have done that your requests should go through.
I dont believe there is a way to do this programatically in your app however.
我不知道如何在手机上安装额外的证书。
在这种情况下,我会在您的应用程序和第 3 方网站之间创建一个代理服务,并让您的应用程序调用该服务。如果需要,您可以将代理放在有效的证书后面。
I'm not aware of a way to install additional certificates on the phone.
In this situation I'd create a proxy service between your app and the 3rd party site and have your app call that. If you need to, you could put the proxy behind a valid cert.