I have a WCF web service running in IIS 7 using a self-signed certificate (it's a proof of concept to make sure this is the route I want to go). It's required to use SSL.

Is it possible to use the WCF Test Client to debug this service without needing a non-self-signed certificate?

When I try I get this error:

Error: Cannot obtain Metadata from https:///Service1.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.

WS-Metadata Exchange Error
URI: https:///Service1.svc
Metadata contains a reference that cannot be resolved: 'https:///Service1.svc'.
Could not establish trust relationship for the SSL/TLS secure channel with authority ''.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.

HTTP GET Error
URI: https:///Service1.svc
There was an error downloading 'https:///Service1.svc'.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.

EDIT: This question is specifically about using the WCF Test Client to test a web service already secured via SSL using a self-signed certificate. The server is already set up to accept any certificate provided; it's the WCF Test Client I don't see a way to do this for.

A: 

You can supply your own method to validate the certificate.

Try this:

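using System.Net;
using System.Security.Cryptography.X509Certificates;

// Register the callback once, before the client makes its first HTTPS request.
ServicePointManager.ServerCertificateValidationCallback +=
    new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

The callback:

// Returns true for every certificate, so chain, name and expiry errors are all ignored.
bool EasyCertCheck(object sender, X509Certificate cert,
    X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
    return true;
}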
rgunawan
I do not see any way to add this code to the WCF Test Client (code which I do not control). I have already added this call to my own code (server side).
Lawrence Johnston
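
An added example (not part of the original answer) of a narrower alternative to EasyCertCheck for client code you control: it tolerates an untrusted chain only when the certificate's SHA-256 hash matches one pinned test certificate. PinnedCheck, Sha256Of, MakeSelfSigned and the poc.example name are assumptions, the two throwaway certificates are constructed sample input, and CertificateRequest needs .NET Framework 4.7.2 or .NET Core 2.0 or later.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertCheck
{
    static byte[] pinnedHash; // SHA-256 of the one test certificate to accept

    static byte[] Sha256Of(X509Certificate cert)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(cert.GetRawCertData());
    }

    // Same signature as EasyCertCheck, but an untrusted chain is tolerated only
    // for the pinned certificate, and a name mismatch is never tolerated.
    static bool PinnedCheck(object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true; // chain and name already valid
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        return Sha256Of(cert).SequenceEqual(pinnedHash);
    }

    // Constructed sample input: a throwaway self-signed certificate.
    static X509Certificate2 MakeSelfSigned(string cn)
    {
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + cn, key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                DateTimeOffset.UtcNow.AddDays(30));
        }
    }

    static void Main()
    {
        var pinned = MakeSelfSigned("poc.example"); // hypothetical host name
        var other = MakeSelfSigned("poc.example");  // same name, different key
        pinnedHash = Sha256Of(pinned);
        ServicePointManager.ServerCertificateValidationCallback += PinnedCheck;
        var chainErr = SslPolicyErrors.RemoteCertificateChainErrors;
        Console.WriteLine(PinnedCheck(null, pinned, null, chainErr));
        Console.WriteLine(PinnedCheck(null, other, null, chainErr));
        Console.WriteLine(PinnedCheck(null, pinned, null,
            chainErr | SslPolicyErrors.RemoteCertificateNameMismatch));
    }
}
```

The three calls in Main exercise the pinned certificate, a different certificate carrying the same subject name, and the pinned certificate presented with an additional name-mismatch error.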
A: 

Check this code sample: Securing WCF (Windows Communication Foundation) transport with SSL

EDIT: Client Config Settings:

I have a behaviour in my client config to disable certificate validation for testing (although I'm using a service certificate with message security rather than SSL). I'm not sure if you can modify the client config file, but I think the principle should be the same. You could look into those config settings.

<behaviors>
  <endpointBehaviors>
    <behavior name="DisableServiceCertificateValidation">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="None"
                          revocationMode="NoCheck" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

Have you tried modifying the client config with something like the above? There's a section describing Editing Client Configuration on this MSDN Link.

Tanner
I do not see any way to add this code to the WCF Test Client (code which I do not control). I have already added this call to my own code (server side).
Lawrence Johnston
Thanks for the negative... but you didn't specify all of that info when you posted originally.
Tanner
Yes, I did. Quote: "Is it possible to use the WCF Test Client to debug this service without needing a non-self-signed certificate?" and the title "Is it possible to force the WCF test client to accept a self-signed certificate?". These both very specifically state "The WCF Test Client".
Lawrence Johnston
WCF test client is a pretty generic phrase, but I now know what you are referring to. You win!
Tanner
+1  A: 

Hi Lawrence, you should be able to do this if you replace the WCF Test Client with WCFStorm Lite Edition. It's free and is quite a bit more flexible than MS's test client... for example, it'll let you specify a user name & password if you're doing username authentication.

Warren