我正在尝试找到一种在请求Https资源时忽略证书检查的方法,到目前为止,我在Internet上找到了一些有用的文章。
但是我仍然有一些问题。请检查我的代码。我只是不明白代码ServicePointManager.ServerCertificateValidationCallback
是什么意思。
什么时候调用此委托(delegate)方法?还有一个问题,我应该在哪里写这段代码?在ServicePointManager.ServerCertificateValidationCallback
执行之前还是在Stream stream = request.GetRequestStream()
之前?
public HttpWebRequest GetRequest()
{
CookieContainer cookieContainer = new CookieContainer();
// Create a request to the server
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(_remoteUrl);
#region Set request parameters
request.Method = _context.Request.HttpMethod;
request.UserAgent = _context.Request.UserAgent;
request.KeepAlive = true;
request.CookieContainer = cookieContainer;
request.PreAuthenticate = true;
request.AllowAutoRedirect = false;
#endregion
// For POST, write the post data extracted from the incoming request
if (request.Method == "POST")
{
Stream clientStream = _context.Request.InputStream;
request.ContentType = _context.Request.ContentType;
request.ContentLength = clientStream.Length;
ServicePointManager.ServerCertificateValidationCallback = delegate(
Object obj, X509Certificate certificate, X509Chain chain,
SslPolicyErrors errors)
{
return (true);
};
Stream stream = request.GetRequestStream();
....
}
....
return request;
}
}
最佳答案
由于只有一个全局ServicePointManager,因此设置ServicePointManager.ServerCertificateValidationCallback将产生所有后续请求都将继承此策略的结果。由于它是全局“设置”,因此最好在Application_Start的Global.asax方法中进行设置。
设置回调将覆盖默认行为,您可以自己创建自定义验证例程。