阿不

不抛弃，不放弃

:: 管理 ::

158 随笔 :: 0 文章 :: 2073 评论 :: 66 Trackbacks

在.NET调用加了SSL验证的WebService可让我费了不少心思。要使用SSL证书加密，必须要根据证书创建X509Certificate实例，添加到WebService实例的ClientCertificates集合属性中：

string certificateFile = AppDomain.CurrentDomain.BaseDirectory + @"\certificate.cer";
System.Security.Cryptography.X509Certificates.X509Certificate certificate =
System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile(certificateFile);
creatinoService.ClientCertificates.Add(certificate);

但是我这里，调用却会提示出现:The remote certificate is invalid according to the validation procedure.异常，它的内部异常是WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel。通过网络资源找到了解决方案：

using System.Net;
using System.Security.Cryptography.X509Certificates;
public class MyPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint
, X509Certificate certificate
, WebRequest request
, int certificateProblem) {
//Return True to force the certificate to be accepted.
return true;
} // end CheckValidationResult
} // class MyPolicy
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();

通过上面的代码，马上就解决了我的问题。

但是由于是使用.NET 2.0，它会提示你CertificatePolicy 属性已经过期了，我们可以使用下面的回调方式来替代它：

System.Net.ServicePointManager.ServerCertificateValidationCallback =
new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertificateValidationCallback);

增加一个静态回调函数：

 public static bool RemoteCertificateValidationCallback(
Object sender,
X509Certificate certificate,
X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors
)
{
//Return True to force the certificate to be accepted.
        return true;
}