一聚教程网:一个值得你收藏的教程网站

热门教程

zt:Consuming Webservices over HTTPS (SSL)

时间:2022-07-02 11:24:20 编辑:袖梨 来源:一聚教程网

When Webservices are used, a common concern is security: SOAP messages are transferred in plain text over the network, so anyone with a sniffer could intercept the SOAP message and read it. In my opinion this could happen also to binary data, but probably it requires a little bit more hacker skills. So a solution is to use HTTPS (SSL) instead of HTTP, so the communication is encrypted. To accomplish this, you need to get and install a certificate (issued by a Certificate Authority) on your webserver. In a production environment you would buy a certificate from Verisign or another well known CA, or you would install your own CA, which is a component of Windows Server. If you only want to play with HTTPS, SSL and certificates or your project is in the development phase, you can also generate a test certificate using the MakeCert.exe tool (included in the .NET Framework SDK). After that you have to add this certificate to a website in IIS, and set a port which HTTPS should use.
When you browse to a HTTPS site, you probably get a dialog window asking you if you want to trust the certificate provided by the webserver. So the responsibility of accepting the certificate is handled by the user. Let's get back to the webservice scenario, if you want to invoke a webservice located on a webserver which uses SSL and HTTPS there is a problem. When you make the call from code, there is no dialog window popping up, and asking if you trust the certificate (luckily because this would be pretty ugly in server-side scenarios); probably you'll get following exception:
An unhandled exception of type 'System.Net.WebException' occurred in system.dll

热门栏目