Saturday, December 5, 2009

ASMX services and Self-Signed Certificates

When you try to call a web service that uses a self-signed certificate from a client application you get the following error:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

This is because your system marks the certificate as invalid. There are 3 tests that must be checked before a certificate is marked as valid:

  1. The certificate must be issued by a trusted certification authority.
  2. The certificate is not outdated.
  3. The hostname must match the certificate subject.

If one of those three tests return false then the certificate is marked as invalid. When you are just testing your application, you can make your client proxy ignore these tests and just call the service.

Therefore create a class file that contains the following code:


   1:  using System.Net.Security;
   2:  using System.Security.Cryptography.X509Certificates;
   4:       class Certificates
   5:       {
   6:            public static bool ValidateRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors)
   7:            {
   8:                 //Return True to force the certificate to be accepted.      
   9:                 //Needed so that calling web services with self-signed certs will work.
  10:                 return true;
  11:            }
  12:        }

Afterwards add the following lines to the Application_BeginRequest event in the global.asax file or the OnInit event of any page that needs to call a web services that uses a self-signed certificate. 


   1:  using System; 
   2:  using System.Net; 
   3:  using System.Net.Security; 
   5:       protected void Application_BeginRequest(Object sender, EventArgs e) 
   6:       { 
   7:             ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(Certificates.ValidateRemoteCertificate); 
   8:       } 

Of course, ignoring the certificate errors within the code could open up a security risk depending on what it is being used for.

1 comment:

Arumugam said...

thank very much for your help.i am very happy now.My project Manager siva sankar only given your url for fixing my problem.