WCF NetCore Skip Certificate Validation
up vote
1
down vote
favorite
I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.
The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"
My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.
Any ideas of what is going on ?
Thanks !
private WSClient InstantiateProxy()
WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);
accessWSClient.ClientCredentials.Windows.ClientCredential =
new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);
ConfigureBinding(accessWSClient);
accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
;
return accessWSClient;
private static void ConfigureBinding(WSClient accessWSClient)
System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding
MaxBufferSize = int.MaxValue,
ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
MaxReceivedMessageSize = int.MaxValue,
AllowCookies = true
;
binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
accessWSClient.Endpoint.Binding = binding;
wcf .net-core ssl-certificate x509certificate2
add a comment |
up vote
1
down vote
favorite
I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.
The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"
My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.
Any ideas of what is going on ?
Thanks !
private WSClient InstantiateProxy()
WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);
accessWSClient.ClientCredentials.Windows.ClientCredential =
new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);
ConfigureBinding(accessWSClient);
accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
;
return accessWSClient;
private static void ConfigureBinding(WSClient accessWSClient)
System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding
MaxBufferSize = int.MaxValue,
ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
MaxReceivedMessageSize = int.MaxValue,
AllowCookies = true
;
binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
accessWSClient.Endpoint.Binding = binding;
wcf .net-core ssl-certificate x509certificate2
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.
The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"
My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.
Any ideas of what is going on ?
Thanks !
private WSClient InstantiateProxy()
WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);
accessWSClient.ClientCredentials.Windows.ClientCredential =
new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);
ConfigureBinding(accessWSClient);
accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
;
return accessWSClient;
private static void ConfigureBinding(WSClient accessWSClient)
System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding
MaxBufferSize = int.MaxValue,
ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
MaxReceivedMessageSize = int.MaxValue,
AllowCookies = true
;
binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
accessWSClient.Endpoint.Binding = binding;
wcf .net-core ssl-certificate x509certificate2
I'm trying to use a WCF api with .Net Core 2.1.2, but I'm currently facing some issues with certified validations.
The main problem is, when I'm DEBUGGING I can make requests against the server. When I deploy a executable file of my project and run in my machine, I can make requests either. But, when I copy the same executable to the acceptance environment, the code throws an exception "could not establish trust relationship for the SSL/TLS secure channel"
My machine is outside of the acceptance environment (I'm using a VPN). The acceptance machine is inside the environment.
Any ideas of what is going on ?
Thanks !
private WSClient InstantiateProxy()
WSClient accessWSClient = new WSClient(EndpointConfiguration.MIAccessPort, Configuration["AppConfiguration:Endpoint"]);
accessWSClient.ClientCredentials.Windows.ClientCredential =
new NetworkCredential(Configuration["AppConfiguration:Username"], Configuration["AppConfiguration:Password"]);
ConfigureBinding(accessWSClient);
accessWSClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
;
return accessWSClient;
private static void ConfigureBinding(WSClient accessWSClient)
System.ServiceModel.BasicHttpBinding binding = new System.ServiceModel.BasicHttpBinding
MaxBufferSize = int.MaxValue,
ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
MaxReceivedMessageSize = int.MaxValue,
AllowCookies = true
;
binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
accessWSClient.Endpoint.Binding = binding;
wcf .net-core ssl-certificate x509certificate2
wcf .net-core ssl-certificate x509certificate2
edited Nov 10 at 20:17
asked Nov 10 at 19:46
Lucas Freitas
4402924
4402924
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
Had the same issue recently, this solved for me (using dependency injection).
Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.
My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.
Gist here
public static class HttpBindingExtensions
public static BasicHttpBinding Https => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue,
Security = new BasicHttpSecurity()
Mode = BasicHttpSecurityMode.Transport
;
public static BasicHttpBinding Http => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue
;
public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
where I : class
where T : class, I
=> services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));
private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
var type = typeof(T);
var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );
var config = (IConfiguration)x.GetService(typeof(IConfiguration));
var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
return instance;
public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
return new EndpointAddress(config[key]);
public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
return GetHttpBinding(config[key]);
public static BasicHttpBinding GetHttpBinding(string uri)
return uri.StartsWithIgnoreCase("https") ? Https : Http;
Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the linesbinding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
– Lucas Freitas
Nov 11 at 3:20
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53242780%2fwcf-netcore-skip-certificate-validation%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
Had the same issue recently, this solved for me (using dependency injection).
Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.
My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.
Gist here
public static class HttpBindingExtensions
public static BasicHttpBinding Https => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue,
Security = new BasicHttpSecurity()
Mode = BasicHttpSecurityMode.Transport
;
public static BasicHttpBinding Http => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue
;
public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
where I : class
where T : class, I
=> services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));
private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
var type = typeof(T);
var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );
var config = (IConfiguration)x.GetService(typeof(IConfiguration));
var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
return instance;
public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
return new EndpointAddress(config[key]);
public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
return GetHttpBinding(config[key]);
public static BasicHttpBinding GetHttpBinding(string uri)
return uri.StartsWithIgnoreCase("https") ? Https : Http;
Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the linesbinding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
– Lucas Freitas
Nov 11 at 3:20
add a comment |
up vote
1
down vote
Had the same issue recently, this solved for me (using dependency injection).
Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.
My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.
Gist here
public static class HttpBindingExtensions
public static BasicHttpBinding Https => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue,
Security = new BasicHttpSecurity()
Mode = BasicHttpSecurityMode.Transport
;
public static BasicHttpBinding Http => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue
;
public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
where I : class
where T : class, I
=> services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));
private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
var type = typeof(T);
var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );
var config = (IConfiguration)x.GetService(typeof(IConfiguration));
var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
return instance;
public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
return new EndpointAddress(config[key]);
public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
return GetHttpBinding(config[key]);
public static BasicHttpBinding GetHttpBinding(string uri)
return uri.StartsWithIgnoreCase("https") ? Https : Http;
Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the linesbinding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
– Lucas Freitas
Nov 11 at 3:20
add a comment |
up vote
1
down vote
up vote
1
down vote
Had the same issue recently, this solved for me (using dependency injection).
Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.
My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.
Gist here
public static class HttpBindingExtensions
public static BasicHttpBinding Https => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue,
Security = new BasicHttpSecurity()
Mode = BasicHttpSecurityMode.Transport
;
public static BasicHttpBinding Http => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue
;
public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
where I : class
where T : class, I
=> services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));
private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
var type = typeof(T);
var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );
var config = (IConfiguration)x.GetService(typeof(IConfiguration));
var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
return instance;
public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
return new EndpointAddress(config[key]);
public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
return GetHttpBinding(config[key]);
public static BasicHttpBinding GetHttpBinding(string uri)
return uri.StartsWithIgnoreCase("https") ? Https : Http;
Had the same issue recently, this solved for me (using dependency injection).
Then it is just to call AddWcfClient from startup in order to inject correct httpBinding for each environment.
My case was that I had http addresses in DEV and https addresses in PROD, so this guy should give you the correct instance of httpBinding for wcf wether is https or not.
Gist here
public static class HttpBindingExtensions
public static BasicHttpBinding Https => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue,
Security = new BasicHttpSecurity()
Mode = BasicHttpSecurityMode.Transport
;
public static BasicHttpBinding Http => new BasicHttpBinding
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue
;
public static IServiceCollection AddWcfClient<I, T>(this IServiceCollection services, string key)
where I : class
where T : class, I
=> services.AddScoped<I>(x => GetWcfInstance<I, T>(key, x));
private static T GetWcfInstance<I, T>(string key, IServiceProvider x) where I : class where T : class, I
var type = typeof(T);
var ctorInfo = type.GetConstructor(new typeof(BasicHttpBinding), typeof(EndpointAddress) );
var config = (IConfiguration)x.GetService(typeof(IConfiguration));
var instance = (T)ctorInfo?.Invoke(new object config.GetHttpBinding(key), config.GetEndpointAddress(key) );
return instance;
public static EndpointAddress GetEndpointAddress(this IConfiguration config, string key)
return new EndpointAddress(config[key]);
public static BasicHttpBinding GetHttpBinding(this IConfiguration config, string key)
return GetHttpBinding(config[key]);
public static BasicHttpBinding GetHttpBinding(string uri)
return uri.StartsWithIgnoreCase("https") ? Https : Http;
answered Nov 10 at 20:37
tgarcia
174211
174211
Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the linesbinding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
– Lucas Freitas
Nov 11 at 3:20
add a comment |
Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the linesbinding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.
– Lucas Freitas
Nov 11 at 3:20
Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines
binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.– Lucas Freitas
Nov 11 at 3:20
Unfortunately our problem is a bit different, the solution presented is already directly assigned in my code in the lines
binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.Windows;
All of my requests are HTTPS, so I always assign TransportType to binding. It may be that the real problem is something related to networking, since deploy works externally, but not internally.– Lucas Freitas
Nov 11 at 3:20
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53242780%2fwcf-netcore-skip-certificate-validation%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown