How to ignore a certificate error with c# 2.0 WebClient - without the certificate

后端 未结 6 2089
时光说笑
时光说笑 2020-11-28 06:42

Using Visual Studio 2005 - C# 2.0, System.Net.WebClient.UploadData(Uri address, byte[] data) Windows Server 2003

So here\'s a stripped down version of

相关标签:
6条回答
  • 2020-11-28 07:02

    This is somewhat the code we're using (not polished yet - I don't think I have the error-handling setup correctly but it should be close) based on thomas's suggestion (this is .NET 4.0 code, though):

    var sslFailureCallback = new RemoteCertificateValidationCallback(delegate { return true; });
    
    try
    {
    
        if (ignoreSslErrors)
        {
            ServicePointManager.ServerCertificateValidationCallback += sslFailureCallback;
        }
    
        response = webClient.UploadData(Options.Address, "POST", Encoding.ASCII.GetBytes(Options.PostData));
    
    }
    catch (Exception err)
    {
        PageSource = "POST Failed:\r\n\r\n" + err;
        return PageSource;
    }
    finally
    {
        if (ignoreSslErrors)
        {
            ServicePointManager.ServerCertificateValidationCallback -= sslFailureCallback;
        }
    }
    
    0 讨论(0)
  • 2020-11-28 07:03

    The SSL certificate is for a machine to establish a trust relationship. If you type in one IP address, and end up talking to another, that sounds the same as a DNS hijack security fault, the kind of thing SSL is intending to help you avoid - and perhaps something you don't want to put up with from "them".

    If you may end up talking to more than machine (ideally they would make it appear as one for you), you will need a certificate for each of the possible machines to initiate trust.

    To ignore trust (I've only ever had to do this temporarily in development scenarios) the following snippet may work for you, but I strongly recommend you consider the impact of ignoring trust before using it:

    public static void InitiateSSLTrust()
    {
        try
        {
            //Change SSL checks so that all checks pass
            ServicePointManager.ServerCertificateValidationCallback =
               new RemoteCertificateValidationCallback(
                    delegate
                    { return true; }
                );
        }
        catch (Exception ex)
        {
            ActivityLog.InsertSyncActivity(ex);
        }
    }
    
    0 讨论(0)
  • 2020-11-28 07:03

    This code is much broader than you might expect. It is process-wide. The process might be the exe, IIS on this machine, or even DLLHost.exe. After calling it, have a finally block that restores things to normal by removing the delegate that always returns true.

    0 讨论(0)
  • 2020-11-28 07:08

    I wanted to disable SSL verification for a specific domain without globally deactivating it because there might be other requests running which should not be affected, so I came up with this solution (please note that uri is a variable inside a class:

            private byte[] UploadValues(string method, NameValueCollection data)
            {
                var client = new WebClient();
    
                try
                {
                    ServicePointManager.ServerCertificateValidationCallback +=
                        ServerCertificateValidation;
    
                    returnrclient.UploadValues(uri, method, parameters);
    
                }
                finally
                {
                    ServicePointManager.ServerCertificateValidationCallback -=
                        ServerCertificateValidation;
                }
            }
    
            private bool ServerCertificateValidation(object sender,
                X509Certificate certificate, X509Chain chain,
                SslPolicyErrors sslPolicyErrors)
            {
                var request = sender as HttpWebRequest;
                if (request != null && request.Address.Host.Equals(
                    this.uri.Host, StringComparison.OrdinalIgnoreCase))
                    return true;
                return false;
            }
    
    0 讨论(0)
  • 2020-11-28 07:11

    I realize this is an old post, but I just wanted to show that there is a more short-hand way of doing this (with .NET 3.5+ and later).

    Maybe it's just my OCD, but I wanted to minimize this code as much as possible. This seems to be the shortest way to do it, but I've also listed some longer equivalents below:

    // 79 Characters (72 without spaces)
    ServicePointManager.ServerCertificateValidationCallback = (a, b, c, d) => true;
    

    Shortest way in .NET 2.0 (which is what the question was specifically asking about)

    // 84 Characters
    ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
    

    It's unfortunate that the lambda way requires you to define the parameters, otherwise it could be even shorter.

    And in case you need a much longer way, here are some additional alternatives:

    ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, errors) => true;
    
    ServicePointManager.ServerCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors) { return true; };
    
    // 255 characters - lots of code!
    ServicePointManager.ServerCertificateValidationCallback =
        new RemoteCertificateValidationCallback(
            delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
            {
                return true;
            });
    
    0 讨论(0)
  • 2020-11-28 07:13

    Here is the VB.net code to make WebClient ignore the SSL cert.

    Net.ServicePointManager.ServerCertificateValidationCallback = New Net.Security.RemoteCertificateValidationCallback(Function() True)
    
    0 讨论(0)
提交回复
热议问题