locked
The remote certificate is invalid according to the validation procedure RRS feed

  • Question

  • User1497757439 posted

    I am trying to send post request to a soap web service with basic authentication, i am getting this error "The remote certificate is invalid according to the validation procedure"
    When i am testing with SOAPUI  it is working fine..


    public static void CallWebService()
    {
    var _url = "url";
    var _action = "action";

    XmlDocument soapEnvelopeXml = CreateSoapEnvelope();
    HttpWebRequest webRequest = CreateWebRequest(_url, _action);
    InsertSoapEnvelopeIntoWebRequest(soapEnvelopeXml, webRequest);

    // begin async call to web request.
    IAsyncResult asyncResult = webRequest.BeginGetResponse(null, null);

    // suspend this thread until call is complete. You might want to
    // do something usefull here like update your UI.
    asyncResult.AsyncWaitHandle.WaitOne();

    // get the response from the completed web request.
    string soapResult;
    using (WebResponse webResponse = webRequest.EndGetResponse(asyncResult))
    {
    using (StreamReader rd = new StreamReader(webResponse.GetResponseStream()))
    {
    soapResult = rd.ReadToEnd();
    }
    Console.Write(soapResult);
    }

    }


    private static HttpWebRequest CreateWebRequest(string url, string action)
    {
    HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
    webRequest.Headers.Add("SOAPAction", action);
    webRequest.ContentType = "text/xml;charset=\"utf-8\"";
    webRequest.Accept = "text/xml";
    webRequest.Method = "POST";
    return webRequest;
    }

    private static XmlDocument CreateSoapEnvelope()
    {
    XmlDocument soapEnvelop = new XmlDocument();
    soapEnvelop.LoadXml(@"<SOAP-ENV:Envelope xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" xmlns:xsi=""http://www.w3.org/1999/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/1999/XMLSchema""><SOAP-ENV:Header><AUTHHEADER xmlns=""http://tempuri.org/""><USERNAME>xxx</USERNAME><PASSWORD>xxxxx</PASSWORD></AUTHHEADER></SOAP-ENV:Header><SOAP-ENV:Body><inv:H'> <inv:h> <inv:Header> <inv:CreationDateTime>2019-06-17</inv:CreationDateTime> <inv:SONO>1</inv:SONO> <inv:POID>1</inv:POID> <inv:GrossWeight>1</inv:GrossWeight> <inv:NetWeight>1</inv:NetWeight> <inv:InvoiceNo>1</inv:InvoiceNo> </inv:Header> <!-- from 1 to unbounded --> <inv:Line> <inv:SONO>1</inv:SONO> <inv:POID>1</inv:POID> <inv:Materialnumber>1</inv:Materialnumber> <inv:QTY>1</inv:QTY> <inv:Amount>100</inv:Amount> </inv:Line> </inv:I> </inv:I></SOAP-ENV:Body></SOAP-ENV:Envelope>");
    return soapEnvelop;
    }

    private static void InsertSoapEnvelopeIntoWebRequest(XmlDocument soapEnvelopeXml, HttpWebRequest webRequest)
    {
    using (Stream stream = webRequest.GetRequestStream())
    {
    soapEnvelopeXml.Save(stream);
    }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
    CallWebService();
    }

    Monday, June 24, 2019 7:21 AM

All replies

  • User-943250815 posted

    ASP.NET validate Server Certificates as any Browser, but this Certificate should be installed on right place for the right user
    https://blogs.msdn.microsoft.com/jpsanders/2009/09/16/troubleshooting-asp-net-the-remote-certificate-is-invalid-according-to-the-validation-procedure/

    Or use ServerCertificateValidationCallback to property to a method to use for custom validation.
    https://docs.microsoft.com/en-us/dotnet/api/system.net.servicepointmanager.servercertificatevalidationcallback?view=netframework-4.8
    https://docs.microsoft.com/en-us/dotnet/api/system.net.security.remotecertificatevalidationcallback?view=netframework-4.8

    As a test and you can by-pass Certificate Validation Check setting ServicePointManager.ServerCertificateValidationCallBack before call WebService.

    System.Net.ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf MyValidateAnyCert)

    Where "MyValidateAnyCert" is a function like, here it always return TRUE:

    Public Shared Function MyValidateAnyCert(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, ByVal sslPolicyErrors As SslPolicyErrors) As Boolean
    Return True ' Just return true, do not validate cert
    End Function

    Just in case, if you get SSL/TLS exception use

    System.Net.ServicePointManager.SecurityProtocol = System.Net.ServicePointManager.SecurityProtocol Or System.Net.SecurityProtocolType.Tls11 Or System.Net.SecurityProtocolType.Tls12

    Attention changes on ServicePointManager are Global

    Tuesday, June 25, 2019 11:59 AM
  • User-330142929 posted

    Hi,

    The error typically indicates that the server might be insecure since the certificate of the server is not identified by your current host. Because the server uses the certificate to represent its identity(we need to use https to access the resource on the server), we should trust the identity of the server, or we will get this error. There are commonly two ways to solve this.
    1. Install the server certificate in our local Root CA to trust the certificate of the server.
    We could download the certificate by using the browser address bar and then install it in local Trusted Root Certification Authorities.  Please refer to the below link.
    https://www.attachmate.com/documentation/gateway-1-1/gateway-admin-guide/data/fxg_add_untrusted_cert.htm
    2. Directly return the validation result.
    Before invoking the service, we could add the below code to directly return the validation result.

    ServicePointManager.ServerCertificateValidationCallback +=delegate {
    return true;
    };

    In your practical project, we could add the code snippets to CallWebService method.
    Feel free to let me know if the problem still exists.
    Best Regards
    Abraham

    Wednesday, June 26, 2019 7:02 AM