| 发表于:2008-01-08 10:45:004楼 得分:0 |
要使用ssl证书加密,必须要根据证书创建x509certificate实例,添加到webservice实例的clientcertificates集合属性中:
string certificatefile = appdomain.currentdomain.basedirectory + @"\certificate.cer";
system.security.cryptography.x509certificates.x509certificate certificate =
system.security.cryptography.x509certificates.x509certificate.createfromcertfile(certificatefile);
creatinoservice.clientcertificates.add(certificate);
调用会提示出现:the remote certificate is invalid according to the validation procedure.异常,它的内部异常是webexception: the underlying connection was closed: could not establish trust relationship for the ssl/tls secure channel。
解决方案,声明一个类:
using system.net;
using system.security.cryptography.x509certificates;
public class mypolicy : icertificatepolicy {
public bool checkvalidationresult(
servicepoint srvpoint
, x509certificate certificate
, webrequest request
, int certificateproblem) {
//return true to force the certificate to be accepted.
return true;
} // end checkvalidationresult
} // class mypolicy
system.net.servicepointmanager.certificatepolicy = new mypolicy();
但是由于是使用.net 2.0,它会提示certificatepolicy 属性已经过期了,可以使用下面的回调方式来替代它:
system.net.servicepointmanager.servercertificatevalidationcallback =
new system.net.security.remotecertificatevalidationcallback(remotecertificatevalidationcallback);
增加一个静态回调函数 remotecertificatevalidationcallback:
public static bool remotecertificatevalidationcallback(
object sender,
x509certificate certificate,
x509chain chain,
system.net.security.sslpolicyerrors sslpolicyerrors
)
{
//return true to force the certificate to be accepted.
return true;
}
以上方法是我从国外的网络上搜集整理出来的。并不是完全是自己的原创。
| | |
|
