The Windows Web Services API lacks the capability to ignore SSL Certificate Errors in Windows 8.1 Apps RRS feed

  • Question

  • I have a C++ Windows 8.1 App that consumes a web service using the Windows Web Services API http://msdn.microsoft.com/en-us/library/windows/desktop/dd430470(v=vs.85).aspx.

    It turns out that the following error is generated when trying to ignore SSL certificate errors.

    "The property 'WS_SECURITY_BINDING_PROPERTY_CERT_FAILURES_TO_IGNORE' is not supported in a process running in an AppContainer.s"

    The following code demonstrates how I setup a WS_SECURITY_BINDING_PROPERTY to ignore SSL certificate errors.

    securityBindingPropertiesArray[0].id = WS_SECURITY_BINDING_PROPERTY_CERT_FAILURES_TO_IGNORE;
    securityBindingPropertiesArray[0].valueSize = sizeof(dwIgnoreCnCertValue);
    securityBindingPropertiesArray[0].value = &dwIgnoreCnCertValue;

    My expectation is that I should be able to ignore SSL errors in a Windows 8.1 store app since the capability to ignore SSL errors is possible with the C# class HttpClient.  I looked at possibly using WS_CERTIFICATE_VALIDATION_CALLBACK, but unfortunately the callback function is only supported for desktop apps.  Is there some other way to ignore SSL certificate errors with the Windows Web Services API?

    Thursday, December 19, 2013 4:06 AM


All replies

  • The error you get seems pretty conclusive. Windows Store apps always run in AppContainers.

    Windows.Web.Http.HttpClient is not a C# or .Net Framework class. It is a Windows Runtime class and can be called from C++. You can use it with an HttpBaseProtocolFilter to ignore SSL errors.

    There is a sample demonstrating using HttpClient in a C++ app: HttpClient sample 


    Thursday, December 19, 2013 4:20 AM
  • Thanks Rob for the reply.  I used wsutil to generate the C proxy classes needed to communicate with a web service.  Using HttpClient would require me to construct the soap message going to the service and deconstruct the soap message on the client.  Shouldn't there be a way to ignore SSL errors for clients using the Windows Web Services API?
    Thursday, December 19, 2013 5:21 AM
  • Any hope that a feature will be added to the Windows Web Services API that will allow a user to ignore SSL certificate errors? It would be nice to ignore SSL cert errors regardless of the technology used.
    Thursday, January 16, 2014 2:04 AM
  • Hi Nick,

    We cannot comment on future functionality, but thank you for the request!


    Thursday, January 16, 2014 2:16 AM