This is a mirror of official site: http://jasper-net.blogspot.com/

Making Web Client requests behave from .NET or in reality misbehave – ignoring Certificate Issues from HttpWebRequest

Monday, September 6, 2010
Many times, especially during development, you could have certificates that are out of date, aren’t signed by any real authority (makecert, etc.), or don’t even match the host name that the request is issued against, but you still want to test against the endpoint.

One example is running Fiddler to get a good over-the-wire trace of the HTTP traffic when the endpoint is accessed over HTTPS. Fiddler can capture HTTPS traffic, but it inserts its own certificate into the chain, which doesn't match the DNS name of the host. So, your HttpWebRequest call will fail regardless.

So, to have HttpWebRequest ignore all certificate errors (this is a testing-only mode: don’t do this in production, or do it carefully), establish the certificate validation callback as follows. Regardless of the SSL policy error, the callback just returns “true”, so nothing is ever reported as wrong.

public class AcceptAllCertificates
{
   public AcceptAllCertificates()
   {
       // Testing only: accepts every server certificate, whatever sslPolicyErrors reports.
       System.Net.ServicePointManager.ServerCertificateValidationCallback +=
           ((sender, certificate, certificateChain, sslPolicyErrors) => true);
   }
}

The key thing is that this is over-arching: ServicePointManager now applies this policy to all subsequent calls. You need to call this at application startup, or somewhere before issuing requests. You can extend this and implement your own rules, but this is something I just used to take a good Fiddler trace against an external HTTPS endpoint that I didn’t control without having exceptions tossed.
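
One way to extend the callback with your own rules, as an added example (not code from the original post): certificate errors are tolerated only in DEBUG builds, only for one named host, and only when a pinned test certificate is the leaf or part of the chain. The class name, the host name and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class DevCertificatePolicy
{
    // Hypothetical values: the one host under test and the thumbprint of the
    // development or proxy certificate you have chosen to tolerate.
    const string TestHost = "dev.example.test";
    const string PinnedThumbprint = "<THUMBPRINT-OF-YOUR-TEST-CERT>";

    public static void Install()
    {
        // Assign with '=' rather than '+=': when several handlers are attached,
        // only the last one's return value is used as the validation result.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // normal validation passed
#if DEBUG
        // Assumption: for HttpWebRequest traffic the sender is the request itself.
        var request = sender as HttpWebRequest;
        if (request == null || certificate == null || chain == null) return false;
        if (!string.Equals(request.RequestUri.Host, TestHost, StringComparison.OrdinalIgnoreCase))
            return false;                                   // every other host stays strict

        // Tolerate the failure only when the pinned certificate is the leaf or
        // appears in the chain that was built (for example a proxy's signing root).
        if (IsPinned(new X509Certificate2(certificate))) return true;
        foreach (X509ChainElement element in chain.ChainElements)
            if (IsPinned(element.Certificate)) return true;
#endif
        return false;                                       // release builds never relax
    }

    static bool IsPinned(X509Certificate2 cert)
    {
        return string.Equals(cert.Thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

Call DevCertificatePolicy.Install() once at startup in place of constructing AcceptAllCertificates; a request to any other host with a bad certificate still fails as it would by default.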

There are a whole bunch of other things that you can take advantage of in ServicePointManager, such as the HTTP connection limit, which is based upon a W3 spec, but which you may want to change for internal back-end service calls over REST and the like.

namespace System.Net
{
   // Summary:
   //     Manages the collection of System.Net.ServicePoint objects.
   public class ServicePointManager
   {
       // Summary:
       //     The default number of non-persistent connections (4) allowed on a System.Net.ServicePoint
       //     object connected to an HTTP/1.0 or later server. This field is constant but
       //     is no longer used in the .NET Framework 2.0.
       public const int DefaultNonPersistentConnectionLimit = 4;
       //
       // Summary:
       //     The default number of persistent connections (2) allowed on a System.Net.ServicePoint
       //     object connected to an HTTP/1.1 or later server. This field is constant and
       //     is used to initialize the System.Net.ServicePointManager.DefaultConnectionLimit
       //     property if the value of the System.Net.ServicePointManager.DefaultConnectionLimit
       //     property has not been set either directly or through configuration.
       public const int DefaultPersistentConnectionLimit = 2;

       // Summary:
       //     Gets or sets policy for server certificates.
       //
       // Returns:
       //     An object that implements the System.Net.ICertificatePolicy interface.
       [Obsolete("CertificatePolicy is obsoleted for this type, please use ServerCertificateValidationCallback instead. http://go.microsoft.com/fwlink/?linkid=14202")]
       public static ICertificatePolicy CertificatePolicy { get; set; }

Read more: Shawn Cicoria
