开发者

HttpRequest with ssl: Certificate not recognized when run under IIS

开发者 https://www.devze.com 2023-02-17 19:53 出处:网络
We run a soap service app (wse 3 but also complying with WCF). Apart from being a service itself, the app also retrieves information from a third party using a HttpRequest instance with ssl.

We run a soap service app (wse 3 but also complying with WCF). Apart from being a service itself, the app also retrieves information from a third party using a HttpRequest instance with ssl. When running that HttpRequest instance with a开发者_如何学Go unit test, the third party service recognizes the given certificate and it works just fine. However, when our soap service app is running in IIS, the third party does not recognize the certificate anymore.

What is different when an HttpClient is run under IIS? Does it change the requests I send using HttpRequest? How can I set this straight (configuration?)?


This article gave me an idea how to solve the problem. Asp.net checks whether a server certificate's name "CN= ..." matches the server's domain name.

So if the external server's certificate does not comply to that rule a https request from a asp.net application will not trust the connection. So if you have no chance to change the external server's configuration (3rd party) you have to disable the check.

It can be switched off by passing a custom delegate to asp.net's (mainly) static ServicePointManager class.

I put that bit into a static constructor of my https connector-class: (however that check will be switched off for any https connection in the whole application)

public class MyExternalSslServiceConnector : IMyExternalServiceConnector
{
protected string ServiceUrl { get; set; }
public X509Certificate2 SslCertificate { get; set; }

static MyExternalSslServiceConnector()
{
    ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
}

public MyExternalSslServiceConnector(string myExternalServiceUrl, X509Certificate2 sslCertificate)
{
    this.ServiceUrl = myExternalServiceUrl;
    this.SslCertificate = sslCertificate;
}

// further implementation using HttpRequest class [...]
}

Kind regards, C.


It seems that you haven't enough rights for using your certificate within IIS, you can use the Microsoft Windows HTTP Services Certificate Configuration Tool (WinHttpCertCfg.exe) to install the client certificate and to grant access to the client certificate for additional user accounts such as the Network Service account.

To see more about this follow to this MSDN article.

0

精彩评论

暂无评论...
验证码 换一张
取 消