zt:Consuming Webservices over HTTPS (SSL)

转载 2004年07月09日 13:58:00

When Webservices are used, a common concern is security: SOAP messages are transferred in plain text over the network, so anyone with a sniffer could intercept the SOAP message and read it. In my opinion this could happen also to binary data, but probably it requires a little bit more hacker skills. So a solution is to use HTTPS (SSL) instead of HTTP, so the communication is encrypted. To accomplish this, you need to get and install a certificate (issued by a Certificate Authority) on your webserver. In a production environment you would buy a certificate from Verisign or another well known CA, or you would install your own CA, which is a component of Windows Server. If you only want to play with HTTPS, SSL and certificates or your project is in the development phase, you can also generate a test certificate using the MakeCert.exe tool (included in the .NET Framework SDK). After that you have to add this certificate to a website in IIS, and set a port which HTTPS should use.

When you browse to a HTTPS site, you probably get a dialog window asking you if you want to trust the certificate provided by the webserver. So the responsibility of accepting the certificate is handled by the user. Let's get back to the webservice scenario, if you want to invoke a webservice located on a webserver which uses SSL and HTTPS there is a problem. When you make the call from code, there is no dialog window popping up, and asking if you trust the certificate (luckily because this would be pretty ugly in server-side scenarios); probably you'll get following exception:
An unhandled exception of type 'System.Net.WebException' occurred in system.dll

Additional information: The underlying connection was closed: Could not establish trust relationship with remote server.

But there is a solution for this problem, you can solve this in your code by creating your own CertificatePolicy class (which implements the ICertificatePolicy interface). In this class you will have to write your own CheckValidationResult function that has to return true or false, like you would press yes or no in the dialog window. For development purposes I've created the following class which accepts all certificates, so you won't get the nasty WebException anymore:
public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
 public TrustAllCertificatePolicy()

 public bool CheckValidationResult(ServicePoint sp,
  X509Certificate cert,WebRequest req, int problem)
  return true;

As you can see the CheckValidationResult function always returns true, so all certificates will be trusted. If you want to make this class a little bit more secure, you can add additional checks using the X509Certificate parameter for example. To use this CertificatePolicy, you'll have to tell the ServicePointManager to use it:
System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
This must be done (one time during the application life cycle) before making the call to your webservice.


参考文档: https://developer.android.com/training/articles/security-ssl.html?hl=zh-cn https://github.co...
  • lintcgirl
  • lintcgirl
  • 2016年07月29日 17:18
  • 1565


  • huwei2003
  • huwei2003
  • 2016年12月07日 15:51
  • 3050

解决android 6.0 webview加载https出现空白页问题

解决android 6.0 webview加载https出现空白页问题由于公司项目换成的https接口,其他数据都能加载正常,而webview加载https页面出现空白页,查看logcat: Thi...
  • sheilazxx
  • sheilazxx
  • 2016年11月21日 15:00
  • 5385

Running Confluence Over SSL or HTTPS

  • 2015年07月28日 13:33
  • 22KB
  • 下载

008-httpd_http over ssl(https)

008-httpd_http over ssl(https) 008-httpd_http over sslhttps https http over ssl 图解 配置httpd支持https 测...
  • u010796631
  • u010796631
  • 2016年01月16日 22:42
  • 652


  • 2010年09月29日 21:57
  • 74KB
  • 下载

利用RPC Over HTTPS发布Exchange服务器

  • 2012年01月01日 13:26
  • 611KB
  • 下载


和工商对接数据,对方提供的webservices地址 带有https:, 并提供了证书、访问的用户名和密码。 用java调用,开发工具输入https直接访问不了,网站教的办法也不行, 最后改用C#...
  • li34442779
  • li34442779
  • 2016年09月22日 14:31
  • 1860


  • 2015年04月22日 12:21
  • 154KB
  • 下载


  • 2013年11月14日 09:22
  • 1.23MB
  • 下载
您举报文章:zt:Consuming Webservices over HTTPS (SSL)