Reputation: 294
I added a WCF connected service reference to my project and set the ServicePointManager.ServerCertificateValidationCallback function. For some reason, this callback function is ignored when I am requesting the server. I have to notify the user about certificate problems and proceed with the request if the user confirms.

    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.Threading.Tasks;

    class Program
    {
        static async Task Main(string[] args)
        {
            // Process-wide callback; this is the hook that is never invoked here
            ServicePointManager.ServerCertificateValidationCallback = MyServerCertificateValidationCallback;
            // DataSoapClient is the client class generated by the connected service reference
            var data = new DataSoapClient(DataSoapClient.EndpointConfiguration.DataSoap);
            data.Endpoint.Address = new EndpointAddress("https://open.helios.eu/demo/Data.asmx");
            (data.Endpoint.Binding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.Transport;
            var result = (await data.GetInfoAsync("GETREDIRECTINFO", string.Empty)).Body.GetInfoResult;
            Console.WriteLine(result);
        }

        private static bool MyServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // function won't execute
            return true;
        }
    }

Upvotes: 1
Views: 1999
Reputation: 294
Finally I found a solution for my problem. As Abraham Quian mentioned, the callback is not working in .NET Core, so I had to use a different approach and use X509CertificateValidator. Here is a code snippet:

    using System;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    using System.Threading.Tasks;
    using ServiceReference1;

    class Program
    {
        static async Task Main(string[] args)
        {
            var data = new ServiceReference1.Service1Client(Service1Client.EndpointConfiguration.BasicHttpsBinding_IService1);
            data.Endpoint.Address = new EndpointAddress("https://localhost:5035/Service1.svc");
            (data.Endpoint.Binding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.Transport;
            // Route validation of the server's TLS certificate to the custom validator
            data.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication();
            data.ClientCredentials.ServiceCertificate.SslCertificateAuthentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
            data.ClientCredentials.ServiceCertificate.SslCertificateAuthentication.CustomCertificateValidator = new Validator();
            var result = await data.GetDataAsync(1);
            Console.WriteLine(result);
        }
    }

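And here is the validator:

    using System;
    using System.IdentityModel.Selectors;
    using System.IdentityModel.Tokens;
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;

    internal class Validator : X509CertificateValidator
    {
        public override void Validate(X509Certificate2 certificate)
        {
            // Build the chain with the default policy; X509Chain is disposable
            using (X509Chain chain = new X509Chain())
            {
                if (!chain.Build(certificate))
                {
                    // Show the first reported chain problem and ask the user whether to continue
                    Console.WriteLine($"{chain.ChainStatus.FirstOrDefault().StatusInformation}. Press y to proceed...");
                    if (Console.ReadKey().KeyChar != 'y')
                        throw new SecurityTokenValidationException("Service certification is not valid.");
                }
            }
        }
    }
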
Upvotes: 3
Reputation: 7522

    // Accepts every server certificate without inspecting it
    ServicePointManager.ServerCertificateValidationCallback += delegate
    {
        return true;
    };

This code snippet is valid in a .NET Framework project; it is invalid in a .NET Core project.
Generally, in the case of ensuring that the certificate can be trusted, we should install the certificate provided by the server to the Root CA certificate store on the client side.
In addition, the following code snippet applies to both .NET Core and .NET Framework projects.

    ServiceReference1.TestServiceClient client = new ServiceReference1.TestServiceClient();
    client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication = new System.ServiceModel.Security.X509ServiceCertificateAuthentication
    {
        // None: the server certificate is not validated at all
        CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None,
        // NoCheck: revocation status is not checked
        RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
    };

Feel free to let me know if the problem still exists.
Upvotes: 0
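
An added example, not code from either answer: a custom validator for the `X509CertificateValidationMode.Custom` hook used above that keeps normal chain validation and overrides only an untrusted root, and only for one pinned certificate, instead of asking on every error or switching validation to `None`. The class name `PinnedOrTrustedValidator` and the pin value passed to it are hypothetical; `GetCertHashString(HashAlgorithmName)` assumes .NET Core 2.1+ or .NET Framework 4.8.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical validator: accept a server certificate if its chain builds to a
// trusted root, or if it is the pinned certificate and the only chain problem
// is an untrusted root (for example a self-signed development certificate).
internal sealed class PinnedOrTrustedValidator : X509CertificateValidator
{
    // Chain problems a pin may override; expiry, revocation and
    // signature failures are never overridden.
    private const X509ChainStatusFlags Overridable = X509ChainStatusFlags.UntrustedRoot;

    private readonly string _pinnedSha256; // hex SHA-256 of the expected certificate

    public PinnedOrTrustedValidator(string pinnedSha256Hex)
    {
        _pinnedSha256 = pinnedSha256Hex ?? throw new ArgumentNullException(nameof(pinnedSha256Hex));
    }

    public override void Validate(X509Certificate2 certificate)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            if (chain.Build(certificate))
                return; // normal case: trusted chain, nothing to override

            // Combine every reported problem, not just the first element.
            X509ChainStatusFlags problems = chain.ChainStatus
                .Aggregate(X509ChainStatusFlags.NoError, (acc, s) => acc | s.Status);

            bool onlyOverridable = (problems & ~Overridable) == X509ChainStatusFlags.NoError;
            bool pinMatches = string.Equals(
                certificate.GetCertHashString(HashAlgorithmName.SHA256),
                _pinnedSha256, StringComparison.OrdinalIgnoreCase);

            if (onlyOverridable && pinMatches)
                return;

            // Throwing from Validate makes WCF reject the connection.
            throw new SecurityTokenValidationException(
                $"Server certificate rejected: {problems}; pin match: {pinMatches}.");
        }
    }
}
```

Assign an instance to `SslCertificateAuthentication.CustomCertificateValidator` with `CertificateValidationMode` set to `Custom`, as in the accepted answer's `Main`.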