Login/Register
Is it possible to force the WCF test client to accept a self-signed certificate?
Asked Answered
wcfsslssl-certificateself-signedwcftestclient
W

7

29

I have a WCF web service running in IIS 7 using a self-signed certificate (it's a proof of concept to make sure this is the route I want to go). It's required to use SSL.

Is it possible to use the WCF Test Client to debug this service without needing a non-self-signed certificate?

When I try I get this error:

Error: Cannot obtain Metadata from https:///Service1.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: https:///Service1.svc Metadata contains a reference that cannot be resolved: 'https:///Service1.svc'. Could not establish trust relationship for the SSL/TLS secure channel with authority ''. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.HTTP GET Error URI: https:///Service1.svc There was an error downloading 'https:///Service1.svc'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.

EDIT: This question is specifically about using the WCF Test Client to test a web service already secured via SSL using a self-signed certificate. The server is already set up to accept any certificate provided, it's the WCF Test Client I don't see a way to do this for.

Wobble answered 8/5, 2010 at 1:8 Comment(0)
B
12

You can create a non self-signed certificate in development area and then use this certificate in IIS for applying the SSL. The steps are:

  1. Create self-signed certificate

    makecert -r -pe -n "CN=My Root Authority" -a sha1 -sky signature 
    -ss CA -sr CurrentUser  
    -cy authority 
    -sv CA.pvk CA.cer

  2. Create a non self-signed certificate for SSL which signed by this root certificate and then create pfx-file from that

    makecert -pe -n "CN=servername" -a sha1 -sky exchange
    -eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk
    -sp "Microsoft RSA SChannel Cryptographic Provider"
    -sy 12 -sv server.pvk server.cer

pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx

now you just need to import the server.pfx into the IIS and setup the web site binding to use this certificate and also install the CA.cer in Local Computer \ Trusted Root Certification Authorities store in both server and client by doing this WCF client would work with the service through HTTPS without any problem.

Bolton answered 28/3, 2012 at 1:12 Comment(2)
You beauty! one more trick is you may get an invalid password error which you can solve by passing the password on the commandline on the last line: pvk2pfx -pvk server.pvk -pi "yourpw" -spc server.cer -pfx server.pfx -po "yourpw"Sensualist
I got an error about an incorrect password when adding the pfx on the server, but I just skipped typing in a password and all seemed to be ok.Ruelle
F
5

you should be able to do this if you replace the WCF Test Client with WCFStorm Lite Edition. It's free and is quite a bit more flexible than MS's test client... for example, it'll let you specify a user name & password if you're doing username authentication.

Facetiae answered 28/5, 2010 at 18:31 Comment(1)
If you're like me, and don't like downloading software you've never heard of, here's the Visual Studio magazine review of WFCStorm. visualstudiomagazine.com/articles/2012/10/29/…Lafayette
S
3

The answer from this question helped in my case. Be sure to use exact machine name as certificate expects. For exampe machine/service.svc may not work, while machine.domain/service.svc - works.

Stockwell answered 20/10, 2011 at 8:48 Comment(1)
Mine was the other way (as in machine.domain failed while machine just worked). Thanks!Beastings
D
2

To answer your question... here is how you force your WCF test client to accept a self-signed certificate...

        using (ServiceReference1.Service1Client proxy = new ServiceReference1.Service1Client())
        {
            System.Net.Security.RemoteCertificateValidationCallback callBack = (sender, certificate, chain, sslPolicyErrors) => true;
            ServicePointManager.ServerCertificateValidationCallback += callBack;

            Console.WriteLine(proxy.GetData(35));

            ServicePointManager.ServerCertificateValidationCallback -= callBack;
        }
Diluent answered 19/12, 2013 at 10:30 Comment(1)
I think he meant the WCFTestClient.exe. Whatever, your answer helped me with my WCF test client Project.Glossematics
S
1

Yes it is possible.

Just download the generated WSDL from the service (https://localhost/Service1.svc?singleWsdl) and supply the path to this file when adding a service in the WCF Test Client.

Simons answered 27/11, 2017 at 12:54 Comment(0)
B
0

I had the same issue after adding a https binding to my site in IIS and choosing the IIS Express Development Certificate.

It turned out that for https to work I also had to input the host name for the binding. In my case localhost.

Edit Site Binding

Burthen answered 15/9, 2023 at 13:10 Comment(0)
P
-4

You can supply your own method to validate the certificate.

Try this:

ServicePointManager.ServerCertificateValidationCallback +=
            new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

The call back:

bool EasyCertCheck(object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
    return true;
}
Picrate answered 8/5, 2010 at 1:19 Comment(2)
I do not see any way to add this code to the WCF Test Client (code which I do not control). I have already added this call to my own code (server side).Wobble
Of course, this is exactly the right approach if you are trying to force any other C# WCF client to accept a self-signed security certificate.Capability

© 2022 - 2024 — McMap. All rights reserved.