c# – 绕过DotNet核心服务堆栈上的SSL证书验证

我知道.Net Core中不再存在ServicePointManager.ServerCertificateValidationCallback,而是替换为:

using(var handler = new System.Net.Http.HttpClientHandler())
{
    using (var httpClient = new System.Net.Http.HttpClient(handler))
    {
        handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
        {
            return true;
        };

    }
}

但是,我们目前正在使用ServiceStack.Core库,据我所知,它不会暴露像这样的属性或处理程序本身.

我如何告诉ServiceStack客户端在此代码中绕过ssl验证?

using(var client = new JsonServiceClient("https://www.google.com"))
{
    var response = client.Get("/results");
}

如果有办法,Windows和Linux上的工作方式是否相同?

解决方法:

JsonServiceClient构建于.NET HttpWebRequest之上,已经在.NET Core中重写为wrapper over HttpClient,因此我们通常建议.NET Core避免这种开销(比.NET 4.5慢得多)并转而使用JsonHttpClient in ServiceStack.HttpClient代替它直接使用HttpClient,您可以在其中注入自己的HttpClientHandler:

var client = new JsonHttpClient(baseUrl)
{
    HttpMessageHandler = new HttpClientHandler
    {
        UseCookies = true,
        AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
        ServerCertificateCustomValidationCallback = (req,cert,chain,errors) => true
    }
};

请注意,建议使用reuse HttpClient instances,因此您应尽可能重用HttpClient实例并避免丢弃它们.

上一篇:使用ServiceStack和C#将数据发布到SQL Server


下一篇:ServiceStack.Redis高效封装和简易破解