Hi,

How can I turn off certificate revocation for a WCF service's client? The client proxy was generated by wsdl.exe and inherits SoapHttpClientProtocol.

+4  A: 

I think you're looking for ServicePointManager.ServerCertificateValidationCallback:

http://msdn.microsoft.com/en-gb/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

Which takes a RemoteCertificateValidationCallback Delegate:

http://msdn.microsoft.com/en-gb/library/system.net.security.remotecertificatevalidationcallback.aspx

I've never dealt with a revoked certificate (other issues such as expired) before but I'm guessing you'd just do something like:

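using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {
        // Process-wide: this callback sees every HTTPS request made through ServicePointManager.
        ServicePointManager.ServerCertificateValidationCallback +=
            new RemoteCertificateValidationCallback(ValidateCertificate);

        // Do WCF calls...
    }

    public static bool ValidateCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // No policy errors: the certificate validated normally.
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }

        if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors && chain.ChainStatus.Length > 0)
        {
            // Accept only when revocation is the sole chain problem.
            foreach (X509ChainStatus chainStatus in chain.ChainStatus)
            {
                if (chainStatus.Status != X509ChainStatusFlags.Revoked)
                {
                    return false;
                }
            }

            return true;
        }

        // Name mismatch, missing certificate or any other error: reject.
        return false;
    }
}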
Kev
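A narrower variant of the callback approach above, as an added example that is not part of the original answer: it skips revocation checking for one host only and still verifies trust, validity dates and signatures by rebuilding the chain with revocation checking turned off. The host name `service.example.internal` and the class name are hypothetical, and the code assumes the .NET Framework behaviour where the callback's sender is the `HttpWebRequest`.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class ScopedRevocationPolicy
{
    // Hypothetical host: the single endpoint exempted from revocation checks.
    const string ExemptHost = "service.example.internal";

    public static void Install()
    {
        // Assigned with '=' because only the last delegate's return value counts.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // normal validation already passed

        // A name mismatch or a missing certificate is never excused.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors ||
            cert == null || chain == null)
            return false;

        // Assumption: for HTTP(S) calls the sender is the HttpWebRequest.
        var request = sender as HttpWebRequest;
        if (request == null ||
            !string.Equals(request.Address.Host, ExemptHost,
                           StringComparison.OrdinalIgnoreCase))
            return false;

        // Rebuild the chain without revocation checking. Root trust,
        // validity period and signatures are still verified by Build().
        var rebuilt = new X509Chain();
        rebuilt.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        foreach (X509ChainElement element in chain.ChainElements)
            rebuilt.ChainPolicy.ExtraStore.Add(element.Certificate);

        return rebuilt.Build(new X509Certificate2(cert));
    }
}
```

Call `ScopedRevocationPolicy.Install()` once at startup, before the proxy makes its first request; every other host keeps the platform's default validation result.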
+1  A: 

You can set certificate validation and revocation options in the config file for your application:

http://www.request-response.com/blog/PermaLink,guid,e9bb929b-d0b4-4626-b302-1d2715fc344a.aspx

jezell