Comments on Yaron Naveh's Web Services 2.0 Blog: WCF Gotcha: Disabling SSL Validation
Updated: 2024-03-12T11:12:59.606+02:00

erdinc, 2015-09-28T13:55:58.982+03:00

I tried to put a breakpoint on ServerCertificateValidationCallback; it is being called, but I am still getting this exception.

Yaron Naveh (MVP), 2015-09-18T17:59:35.494+03:00

Seems like it's not related to WCF - try to repro it by sending GET or POST to the server using WebClient or HttpWebRequest. Also verify if the ServerCertificateValidationCallback is called at all by putting a breakpoint on it.

erdinc, 2015-09-18T13:40:00.852+03:00

Hi Yaron,

Thanks for the reply.

Here is my inner exception:

Message: The request was aborted: Could not create SSL/TLS secure channel.

StackTrace:
    at System.Net.HttpWebRequest.GetResponse()
    at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

When I try to get data from my WCF service I get this exception.

Yaron Naveh (MVP), 2015-09-17T00:08:10.767+03:00

Is there an inner exception?
When you put a breakpoint on your latest code chunk, does it get called?

erdinc, 2015-09-16T14:39:37.811+03:00

Hello Yaron,

I got the same error. I have a WCF application and a Windows Service developed with C#. When I run the Windows service with an account logon, certificate authentication works well. But I need to run the Windows service with the "Local System account". When I change to "Local System account" I get SecurityNegotiationException - Could not establish secure channel for SSL/TLS with authority 'xxx.xxx.xxx.xxx'.

I added all certificates to the Computer account stores (Personal & Trusted Root Certification Authorities) with the mmc window. But I cannot handle and solve this.

Also I tried this code to bypass certificate validation but it didn't work.

    // Accepts every server certificate, whatever sslPolicyErrors reports
    System.Net.ServicePointManager.ServerCertificateValidationCallback +=
        delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
                 System.Security.Cryptography.X509Certificates.X509Chain chain,
                 System.Net.Security.SslPolicyErrors sslPolicyErrors)
        {
            return true;
        };

Do you have any ideas about this?

Thanks

Yaron Naveh (MVP), 2014-05-29T01:08:28.627+03:00

Hi Kedar

You should ask the service author for a sample working SOAP message. This can help in deciding which binding to use.

Anonymous, 2014-05-27T16:23:52.092+03:00

Hi Yaron,

I am facing a problem when adding a service reference in my VS2010. When I hit the service address with ?wsdl in the browser, it asks me for a certificate and I see the WSDL in IE. But when I do the same in VS2010, it finds the service but doesn't ask me for a certificate and doesn't add code in my app.config for the endpoint. So when I did some research, the suggestions were to copy the WSDL into a file and then use svcutil.exe. I tried that as well but got the port type error when creating the proxy. Could you please let me know where the problem could be?

Thanks a ton

Yaron Naveh (MVP), 2009-07-04T13:10:24.735+03:00

Jon

Client authentication is optional. If you choose to use it then you either need a client certificate (as you mentioned) or a client user/pass or something else. It depends if you need it.

As for extracting the "public certificate", one way is this:

1. Start-->run-->mmc
2. File-->add remove snap-in
3. Add...
4. Choose certificates
5. Choose My User Account or Computer Account
6. Approve all

Now you can see your certificates and right-click-->export... the one you wish.

Anonymous, 2009-07-04T04:27:55.035+03:00

Hi Yaron,

I'm really new to WCF (like 4 days new LOL). So I'm using WSHttp with message level security and the built-in UserNamePassword. Now I created a self-signed pfx and put it in LocalMachine\Root (trusted CAs).

I never liked any code generation tool, so I won't use the proxy that gets created by svcutil. So the client communication layer code is entirely mine, but I do use svcutil for getting the base64 public key and hardcoding it into the client code, since I'm not able to understand how I can extract that myself.

So my question is more PKI X509 certs related than WCF. Can you please explain the process of extracting that from a pfx? Also, how would this enable sideways authentication for both parties using just the server cert? Isn't a cert needed on the client side in order for the server to authenticate to the client?

I really enjoy reading your blog. Thanks a lot.

Jon

Yaron Naveh (MVP), 2009-03-19T00:06:00.000+02:00

Vinoth - I answered your mail privately

Vinoth K G, 2009-03-18T22:03:00.000+02:00

This comment has been removed by the author.

Yaron Naveh (MVP), 2009-03-18T20:12:00.000+02:00

Vinoth

You have published the Java side stack trace, but it does not contain all the information.
See here how to configure tracing & logging on the WCF side:

http://blogs.msdn.com/madhuponduru/archive/2006/05/18/601458.aspx

The WCF trace can give us a more detailed exception. Also we would need to look at the actual request that is sent.

Not all WCF settings are interoperable (for example the default ones aren't) so depending on your needs you should configure the WCF side correctly.

Vinoth K G, 2009-03-18T20:06:00.000+02:00

This comment has been removed by the author.

Jagdish, 2009-03-18T19:31:00.000+02:00

Hello Yaron,

Thank you for your reply.

We are going to enable WCF tracing and send across the trace.

Thanks
- Jagdish

Yaron Naveh (MVP), 2009-03-18T02:02:00.000+02:00

Hi Jagdish

It seems like there is a mismatch between client and server settings.

First I would try to add WCF tracing to the server to see what exactly it complains about.

Then I would build a WCF client that works with this WCF server and compare the outgoing SOAP of the WCF and Java clients.

Note that not every WCF setting is interoperable so you need to carefully configure the WCF side.

Yaron

Jagdish, 2009-03-18T01:44:00.000+02:00

Hello Yaron,

Your blog is pretty neat and very much needed for all the folks who are trying to venture into WCF, especially from Java-based clients invoking Microsoft implementations.

We have disabled, as you mentioned,
authentication certificateValidationMode="None"

However we get the exception below:
javax.xml.ws.soap.SOAPFaultException: The security context token is expired or is not valid. The message was not processed.

However, we have not added the code that you mentioned along with that config change. Do you think adding the code would solve this issue?

Thanks much
- Jagdish

Ookami, 2008-12-23T08:27:00.000+02:00

Friend, I don't understand anything here,
but your blog looks great and in return you got a few clicks
:)

www.eazybay.blogspot.com