ServerCertificateValidationCallback not called every time.

  • Question

  • I'm using the ServerCertificateValidationCallback to help with invalid SSL certificates and it works fine for the first web service. Then it seems like it just randomly uses the callback. For most subsequent web service calls, it won't even hit my breakpoint. Then on occasion (and seemingly at random) it might hit it with a different call.

    Should it be called every time?  Is there a way to make sure it's called?  Even though I've accepted an "invalid" certificate once, there are times where I may change my mind and want to return a different result.

    Thanks!

     

    Thursday, September 30, 2010 4:07 PM

All replies

  • I believe once a session is established there are no more callbacks until it is renewed.

    Maybe someone else can verify.

    Note that this does not seem to be a WCF-specific question so you might get good feedback in the general BCL and ASP.NET forums as well.


    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    Thursday, September 30, 2010 5:12 PM
  • What do you mean, until it is renewed?

    What is happening is I make a web service call that I have my callback just returning true.  That service is done and over with and later in my processing, I make a completely different call (to the same server) and that one doesn't check the callback (it just assumes it's ok.)

    So, is there any way to flush that cached information, so that it doesn't assume the previous result still stands?

    Thanks... Dan

    Thursday, September 30, 2010 7:11 PM
  • Do you use the same proxy instance or a new one?

    Possibly .Net caches the underlying connection, see some details here:

    http://www.west-wind.com/weblog/posts/51891.aspx

    Try to set keepAlive to false on the httpTransport binding element.


    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    • Marked as answer by Bin-ze Zhao Wednesday, October 6, 2010 9:12 AM
    Thursday, September 30, 2010 10:34 PM
  • I thought I would post them even though this is an old question.

    After researching, I did not find any answers on solving this simple solution. The issue is that once the web service is called, the default servicepoint idle time is set to 15 minutes, so the CertificateCallback is only called after the servicepoint connection is closed. To resolve this you need to set ServicePointManager.MaxServicePointIdleTime = 0, which essentially will force the connection to drop and then will fire the ServerCertificateValidationCallback on your next web service request. Simple solution -

    Hope this helps save development time for anyone who reads this.

    • Marked as answer by Dan Slacker Thursday, March 24, 2011 7:47 PM
    Thursday, March 24, 2011 6:59 PM
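
The behaviour described in the two answers above (the callback is tied to the connection, not to each request), as an added example that is not part of the original thread. It assumes .NET Framework 4.5 or later with HttpWebRequest; the URL, the thumbprint placeholder and the connection group names are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

static class CallbackPerConnectionDemo
{
    // Constructed placeholders: substitute your own endpoint and expected certificate.
    const string Url = "https://service.example.test/";
    const string PinnedThumbprint = "<EXPECTED-CERT-SHA1-THUMBPRINT>";
    static int callbackRuns;

    // Invoked when a new TLS connection is negotiated, not for every HTTP request.
    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Interlocked.Increment(ref callbackRuns);
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false;
        // Tolerate a chain/name error only for the one certificate we expect.
        string thumbprint = new X509Certificate2(cert).Thumbprint;
        return string.Equals(thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    static void Get(string group, bool keepAlive)
    {
        var req = (HttpWebRequest)WebRequest.Create(Url);
        req.ConnectionGroupName = group;   // separate connection pool per scenario
        req.KeepAlive = keepAlive;
        using (var resp = req.GetResponse())
        using (var body = resp.GetResponseStream())
            body.CopyTo(Stream.Null);      // drain the body so the connection can be pooled
    }

    static void Main()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
        // ServicePointManager.MaxServicePointIdleTime = 0;  // the setting from the 2011 answer

        Get("pooled", true); Get("pooled", true);
        Console.WriteLine("keep-alive on, 2 requests: callback ran {0} time(s)", callbackRuns);

        // Drop the pooled connections so the next request has to connect and validate again.
        ServicePointManager.FindServicePoint(new Uri(Url)).CloseConnectionGroup("pooled");
        Get("pooled", true);
        Console.WriteLine("after CloseConnectionGroup: {0} time(s) in total", callbackRuns);

        Get("fresh", false); Get("fresh", false);
        Console.WriteLine("plus 2 requests with keep-alive off: {0} time(s) in total", callbackRuns);
    }
}
```

Closing the connection group is a way to force re-validation on demand while leaving keep-alive enabled for normal traffic.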
  • Thanks for the information.  I did eventually find a workaround, but this may be helpful in the future.
    Thursday, March 24, 2011 7:47 PM
  • Thanks, that saved me a headache.

    dm

    Thursday, January 8, 2015 11:21 PM
  • God bless you. It worked!
    Tuesday, July 31, 2018 3:40 PM
  • Really Thanks for your solution. It saved my day :)
    Tuesday, August 13, 2019 6:42 PM