asp.net - 如果.NET中证书已过期，如何调用https asmx Web服务

Question

使用 Visual Studio 从 MVC2 Controller 生成的代码(使用下面的代码)调用 Asmx Web 服务。

由于 Web 服务证书已过期，方法调用引发异常。如何解决这个问题以便网络服务仍然可以使用？

使用 .NET 3.5 和 MVC2。

public class AsmxController : Controller 
{ 
    public ActionResult Index() 
    { 
        var cl = new store2.CommerceSoapClient(); 

        //    System.ServiceModel.Security.SecurityNegotiationException was unhandled by user code 
        //Message=Could not establish trust relationship for the SSL/TLS secure channel with authority 'asmxwebservice.com'. 
        var vl = cl.GetVendorList(  AsmxService.LicenseHeader() , 
            new AsmxService.GetVendorListRequest()); 
        return View(); 
    } 
} 

}

Answer 1

来自James blog :

So, for testing, we needed to find a way to bypass the certificate validation. It turns out that you need to provide a RemoteCertificateValidationCallback delegate and attach it to ServicePointManager.ServerCertificateValidationCallback. What’s not clear is what happens if two threads are competing to set this property to different values, since it’s a static property. Reflector suggests that the property set method doesn’t do anything fancy, so you could easily get into a race condition.

所以，他做了以下事情:

// allows for validation of SSL conversations
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);

// callback used to validate the certificate in an SSL conversation
private static bool ValidateRemoteCertificate(
object sender,  X509Certificate certificate,    X509Chain chain,    SslPolicyErrors policyErrors)
{
    if (Convert.ToBoolean(ConfigurationManager.AppSettings["IgnoreSslErrors"]))
    {
        // allow any old dodgy certificate...
        return true;
    }
    else
    {
        return policyErrors == SslPolicyErrors.None;
    }
}