WCF NetCore Skip Certificate Validation









up vote
0
down vote

favorite












I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.



The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"



My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.



Any ideas of what is going on ?



Thanks !



private WSClient InstantiateProxy()

WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);

accessWSClient.ClientCredentials.Windows.ClientCredential =
new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);

ConfigureBinding(accessWSClient);

accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication

CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
;

return accessWSClient;


private static void ConfigureBinding(WSClient accessWSClient)

System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding

MaxBufferSize = int.MaxValue,
ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
MaxReceivedMessageSize = int.MaxValue,
AllowCookies = true
;

binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

accessWSClient.Endpoint.Binding = binding;










share|improve this question



























    up vote
    0
    down vote

    favorite












    I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.



    The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"



    My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.



    Any ideas of what is going on ?



    Thanks !



    private WSClient InstantiateProxy()

    WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);

    accessWSClient.ClientCredentials.Windows.ClientCredential =
    new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);

    ConfigureBinding(accessWSClient);

    accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication

    CertificateValidationMode = X509CertificateValidationMode.None,
    RevocationMode = X509RevocationMode.NoCheck,
    ;

    return accessWSClient;


    private static void ConfigureBinding(WSClient accessWSClient)

    System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding

    MaxBufferSize = int.MaxValue,
    ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
    MaxReceivedMessageSize = int.MaxValue,
    AllowCookies = true
    ;

    binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
    binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

    accessWSClient.Endpoint.Binding = binding;










    share|improve this question

























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.



      The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"



      My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.



      Any ideas of what is going on ?



      Thanks !



      private WSClient InstantiateProxy()

      WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);

      accessWSClient.ClientCredentials.Windows.ClientCredential =
      new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);

      ConfigureBinding(accessWSClient);

      accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication

      CertificateValidationMode = X509CertificateValidationMode.None,
      RevocationMode = X509RevocationMode.NoCheck,
      ;

      return accessWSClient;


      private static void ConfigureBinding(WSClient accessWSClient)

      System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding

      MaxBufferSize = int.MaxValue,
      ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
      MaxReceivedMessageSize = int.MaxValue,
      AllowCookies = true
      ;

      binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
      binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

      accessWSClient.Endpoint.Binding = binding;










      share|improve this question















      I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.



      The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"



      My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.



      Any ideas of what is going on ?



      Thanks !



      private WSClient InstantiateProxy()

      WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);

      accessWSClient.ClientCredentials.Windows.ClientCredential =
      new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);

      ConfigureBinding(accessWSClient);

      accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication

      CertificateValidationMode = X509CertificateValidationMode.None,
      RevocationMode = X509RevocationMode.NoCheck,
      ;

      return accessWSClient;


      private static void ConfigureBinding(WSClient accessWSClient)

      System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding

      MaxBufferSize = int.MaxValue,
      ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
      MaxReceivedMessageSize = int.MaxValue,
      AllowCookies = true
      ;

      binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
      binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

      accessWSClient.Endpoint.Binding = binding;







      wcf .net-core ssl-certificate x509certificate2






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 10 at 20:17

























      asked Nov 10 at 19:46









      Lucas Freitas

      4082924




      4082924






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote













          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions

          public static BasicHttpBinding Https => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()

          Mode = BasicHttpSecurityMode.Transport

          ;
          public static BasicHttpBinding Http => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          ;

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I

          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
          return instance;


          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)

          return new EndpointAddress(config[key]);

          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)

          return GetHttpBinding(config[key]);

          public static BasicHttpBinding GetHttpBinding(string uri)

          return uri.StartsWithIgnoreCase("https") ? Https : Http;







          share|improve this answer




















          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20











          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53242780%2fwcf-netcore-skip-certificate-validation%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote













          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions

          public static BasicHttpBinding Https => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()

          Mode = BasicHttpSecurityMode.Transport

          ;
          public static BasicHttpBinding Http => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          ;

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I

          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
          return instance;


          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)

          return new EndpointAddress(config[key]);

          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)

          return GetHttpBinding(config[key]);

          public static BasicHttpBinding GetHttpBinding(string uri)

          return uri.StartsWithIgnoreCase("https") ? Https : Http;







          share|improve this answer




















          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20















          up vote
          1
          down vote













          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions

          public static BasicHttpBinding Https => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()

          Mode = BasicHttpSecurityMode.Transport

          ;
          public static BasicHttpBinding Http => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          ;

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I

          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
          return instance;


          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)

          return new EndpointAddress(config[key]);

          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)

          return GetHttpBinding(config[key]);

          public static BasicHttpBinding GetHttpBinding(string uri)

          return uri.StartsWithIgnoreCase("https") ? Https : Http;







          share|improve this answer




















          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20













          up vote
          1
          down vote










          up vote
          1
          down vote









          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions

          public static BasicHttpBinding Https => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()

          Mode = BasicHttpSecurityMode.Transport

          ;
          public static BasicHttpBinding Http => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          ;

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I

          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
          return instance;


          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)

          return new EndpointAddress(config[key]);

          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)

          return GetHttpBinding(config[key]);

          public static BasicHttpBinding GetHttpBinding(string uri)

          return uri.StartsWithIgnoreCase("https") ? Https : Http;







          share|improve this answer












          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions

          public static BasicHttpBinding Https => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()

          Mode = BasicHttpSecurityMode.Transport

          ;
          public static BasicHttpBinding Http => new BasicHttpBinding

          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          ;

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I

          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
          return instance;


          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)

          return new EndpointAddress(config[key]);

          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)

          return GetHttpBinding(config[key]);

          public static BasicHttpBinding GetHttpBinding(string uri)

          return uri.StartsWithIgnoreCase("https") ? Https : Http;








          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 10 at 20:37









          tgarcia

          174211




          174211











          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20

















          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20
















          Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
          – Lucas Freitas
          Nov 11 at 3:20





          Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
          – Lucas Freitas
          Nov 11 at 3:20


















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53242780%2fwcf-netcore-skip-certificate-validation%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          這個網誌中的熱門文章

          How to read a connectionString WITH PROVIDER in .NET Core?

          In R, how to develop a multiplot heatmap.2 figure showing key labels successfully

          Museum of Modern and Contemporary Art of Trento and Rovereto