WCF NetCore Skip Certificate Validation












1














I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.



The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"



My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.



Any ideas of what is going on ?



Thanks !



private WSClient InstantiateProxy()
{
WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);

accessWSClient.ClientCredentials.Windows.ClientCredential =
new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);

ConfigureBinding(accessWSClient);

accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
{
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
};

return accessWSClient;
}

private static void ConfigureBinding(WSClient accessWSClient)
{
System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding
{
MaxBufferSize = int.MaxValue,
ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
MaxReceivedMessageSize = int.MaxValue,
AllowCookies = true
};

binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

accessWSClient.Endpoint.Binding = binding;
}









share|improve this question





























    1














    I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.



    The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"



    My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.



    Any ideas of what is going on ?



    Thanks !



    private WSClient InstantiateProxy()
    {
    WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);

    accessWSClient.ClientCredentials.Windows.ClientCredential =
    new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);

    ConfigureBinding(accessWSClient);

    accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
    {
    CertificateValidationMode = X509CertificateValidationMode.None,
    RevocationMode = X509RevocationMode.NoCheck,
    };

    return accessWSClient;
    }

    private static void ConfigureBinding(WSClient accessWSClient)
    {
    System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding
    {
    MaxBufferSize = int.MaxValue,
    ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
    MaxReceivedMessageSize = int.MaxValue,
    AllowCookies = true
    };

    binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
    binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

    accessWSClient.Endpoint.Binding = binding;
    }









    share|improve this question



























      1












      1








      1







      I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.



      The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"



      My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.



      Any ideas of what is going on ?



      Thanks !



      private WSClient InstantiateProxy()
      {
      WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);

      accessWSClient.ClientCredentials.Windows.ClientCredential =
      new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);

      ConfigureBinding(accessWSClient);

      accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
      {
      CertificateValidationMode = X509CertificateValidationMode.None,
      RevocationMode = X509RevocationMode.NoCheck,
      };

      return accessWSClient;
      }

      private static void ConfigureBinding(WSClient accessWSClient)
      {
      System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding
      {
      MaxBufferSize = int.MaxValue,
      ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
      MaxReceivedMessageSize = int.MaxValue,
      AllowCookies = true
      };

      binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
      binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

      accessWSClient.Endpoint.Binding = binding;
      }









      share|improve this question















      I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.



      The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"



      My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.



      Any ideas of what is going on ?



      Thanks !



      private WSClient InstantiateProxy()
      {
      WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);

      accessWSClient.ClientCredentials.Windows.ClientCredential =
      new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);

      ConfigureBinding(accessWSClient);

      accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
      {
      CertificateValidationMode = X509CertificateValidationMode.None,
      RevocationMode = X509RevocationMode.NoCheck,
      };

      return accessWSClient;
      }

      private static void ConfigureBinding(WSClient accessWSClient)
      {
      System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding
      {
      MaxBufferSize = int.MaxValue,
      ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
      MaxReceivedMessageSize = int.MaxValue,
      AllowCookies = true
      };

      binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
      binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;

      accessWSClient.Endpoint.Binding = binding;
      }






      wcf .net-core ssl-certificate x509certificate2






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 10 at 20:17

























      asked Nov 10 at 19:46









      Lucas Freitas

      4402924




      4402924
























          1 Answer
          1






          active

          oldest

          votes


















          1














          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions
          {
          public static BasicHttpBinding Https => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()
          {
          Mode = BasicHttpSecurityMode.Transport
          }
          };
          public static BasicHttpBinding Http => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          };

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
          {
          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new { typeof(BasicHttpBinding), typeof(EndpointAddress) });

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object { config.GetHttpBinding(key), config.GetEndpointAddress(key) });
          return instance;
          }

          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
          {
          return new EndpointAddress(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
          {
          return GetHttpBinding(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(string uri)
          {
          return uri.StartsWithIgnoreCase("https") ? Https : Http;
          }
          }





          share|improve this answer





















          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20













          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53242780%2fwcf-netcore-skip-certificate-validation%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1














          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions
          {
          public static BasicHttpBinding Https => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()
          {
          Mode = BasicHttpSecurityMode.Transport
          }
          };
          public static BasicHttpBinding Http => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          };

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
          {
          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new { typeof(BasicHttpBinding), typeof(EndpointAddress) });

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object { config.GetHttpBinding(key), config.GetEndpointAddress(key) });
          return instance;
          }

          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
          {
          return new EndpointAddress(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
          {
          return GetHttpBinding(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(string uri)
          {
          return uri.StartsWithIgnoreCase("https") ? Https : Http;
          }
          }





          share|improve this answer





















          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20


















          1














          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions
          {
          public static BasicHttpBinding Https => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()
          {
          Mode = BasicHttpSecurityMode.Transport
          }
          };
          public static BasicHttpBinding Http => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          };

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
          {
          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new { typeof(BasicHttpBinding), typeof(EndpointAddress) });

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object { config.GetHttpBinding(key), config.GetEndpointAddress(key) });
          return instance;
          }

          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
          {
          return new EndpointAddress(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
          {
          return GetHttpBinding(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(string uri)
          {
          return uri.StartsWithIgnoreCase("https") ? Https : Http;
          }
          }





          share|improve this answer





















          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20
















          1












          1








          1






          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions
          {
          public static BasicHttpBinding Https => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()
          {
          Mode = BasicHttpSecurityMode.Transport
          }
          };
          public static BasicHttpBinding Http => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          };

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
          {
          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new { typeof(BasicHttpBinding), typeof(EndpointAddress) });

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object { config.GetHttpBinding(key), config.GetEndpointAddress(key) });
          return instance;
          }

          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
          {
          return new EndpointAddress(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
          {
          return GetHttpBinding(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(string uri)
          {
          return uri.StartsWithIgnoreCase("https") ? Https : Http;
          }
          }





          share|improve this answer












          Had the same issue recently, this solved for me (using dependency injection).
          Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.



          My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.



          Gist here



          public static class HttpBindingExtensions
          {
          public static BasicHttpBinding Https => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue,
          Security = new BasicHttpSecurity()
          {
          Mode = BasicHttpSecurityMode.Transport
          }
          };
          public static BasicHttpBinding Http => new BasicHttpBinding
          {
          MaxReceivedMessageSize = int.MaxValue,
          MaxBufferSize = int.MaxValue
          };

          public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
          where I : class
          where T : class, I
          => services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));

          private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
          {
          var type = typeof(T);
          var ctorInfo = type.GetConstructor(new { typeof(BasicHttpBinding), typeof(EndpointAddress) });

          var config = (IConfiguration)x.GetService(typeof(IConfiguration));
          var instance = (T)ctorInfo?.Invoke(new object { config.GetHttpBinding(key), config.GetEndpointAddress(key) });
          return instance;
          }

          public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
          {
          return new EndpointAddress(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
          {
          return GetHttpBinding(config[key]);
          }
          public static BasicHttpBinding GetHttpBinding(string uri)
          {
          return uri.StartsWithIgnoreCase("https") ? Https : Http;
          }
          }






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 10 at 20:37









          tgarcia

          174211




          174211












          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20




















          • Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
            – Lucas Freitas
            Nov 11 at 3:20


















          Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
          – Lucas Freitas
          Nov 11 at 3:20






          Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows; All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
          – Lucas Freitas
          Nov 11 at 3:20




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53242780%2fwcf-netcore-skip-certificate-validation%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          這個網誌中的熱門文章

          Xamarin.form Move up view when keyboard appear

          Post-Redirect-Get with Spring WebFlux and Thymeleaf

          Anylogic : not able to use stopDelay()