5
votes

I have 2 apps running inside IIS - Client and Service. Service running just fine, but client isn't.

They talk to each other thru WCF with message security relaying on certificates (it isn't transport security, it's just message security). Both are using self-signed certificates.

But client ends up with error:

System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate ... is not in the trusted people store. The X.509 certificate ... chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

I know how to disable certificate validation on service side and I did it, but how can I disable CA validation on client side?

4

4 Answers

13
votes

If you are making Request to the server from the client application, call the below lines to avoid certification check before making a service request.

Using this code will bypass SSL validation error due to a self-signed certificate.

System.Net.ServicePointManager.ServerCertificateValidationCallback =
                delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
                { return true; };

Note: Use this for testing purpose only, for actual application use a valid SSL certificate.

2
votes

The solution presented by sudhAnsu63 should work for you.

Alternatively, since you are using Message security you could add this to the client configuration file:

<serviceCertificate>
   <authentication certificateValidationMode="None" />
</serviceCertificate>
0
votes

In code use this:

using System.ServiceModel; // (to ChannelFactory)
using System.IdentityModel;  

ConfigChannel = new ChannelFactory<xxxxxx>(binding, endPoint);
ConfigChannel.Credentials.UserName.UserName = _userName;
ConfigChannel.Credentials.UserName.Password = _password;

ConfigChannel.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
-1
votes

If you pace the self-signed certificate in "trusted root Certification Authorities", you can avoid certificate error.