.net WebService, bypass ssl validation!

Question

Well im working agains a webservice that has a certificate that is not 100% correctly setup the certificate is setup for the domain *.domain1.com and the api is located at soap.shop.domain1.com/SOAP now i cant connect to this webservice as i then get a WebException "Could Not establish trush relationship for the SSL/TLS secure channel. --> The remote certificate is invalid according to the validation procedure.

Now my question is there any way to bypass this check i use a normal Web Reference (2.0) not a Service Reference..

Answer 1

For those who can't determine where to start with this answer, it may not be obvious. The posters above are getting it right, but it wasn't apparent upfront on what to do with the given code.

Let's say you have a class somewhere that needs to call a web service with a certificate.

Here's my finished solution:

public class MyClass
{

    public  bool TrustAllCertificatesCallback(object sender, X509Certificate cert,
                                                X509Chain chain, SslPolicyErrors errors)
    {
        return true;
    }

    public string CallSomeWebService(string someParam)
    {
        try
        { 
            ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificatesCallback;


            RemoteWebService ws = new RemoteWebService();

            //add the client cert to the web service call.
            ws.ClientCertificates.Add(GetMyCert());

            //call the web service
            string response = ws.SomeMethod(someParam);

            return response.ToString();
        }
        catch (Exception ex)
        {throw;}
    }

    public X509Certificate GetMyCert()
    {
        try
        {
            string certPath = @"C:\MyCerts\MyCert.cer";
            var cert = X509Certificate.CreateFromCertFile(certPath);
            return cert;
        }
        catch (Exception ex)
        {throw;}
    }
}

Answer 2

Yes, you can use the following to have ASP.NET ignore the certificate warnings:

using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

namespace YourNamespace
    public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
    {
        public TrustAllCertificatePolicy() {}

        public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,WebRequest req, int problem)
        {
            return true;
        }
    }
}

Answer 3

pick you flavor..

lambda expresions

            //Trust all certificates
            System.Net.ServicePointManager.ServerCertificateValidationCallback =
                ((sender, certificate, chain, sslPolicyErrors) => true);

            // trust sender (more secure)
            System.Net.ServicePointManager.ServerCertificateValidationCallback
                = ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));

or plain clode (better for testing)

            // validate cert
            // allows for validation of SSL conversations
            ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);

    // callback used to validate the certificate in an SSL conversation
    private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)
    {
        bool result = false;
        if (cert.Subject.ToUpper().Contains("YourServerName"))
        {
            result = true;
        }

        return result;
    }

Answer 4

System.Net.ServicePointManager.ServerCertificateValidationCallback = _
   Function(a, b, c, d) True

Answer 5

You need to handle the event that validates the certificate and just set it to always return true. See the following post for details:

http://8r13n.wordpress.com/2007/07/24/bypassing-certificate-validation-in-net/