One problem I ran into when working with the JASIG CAS .NET client was
that my test server does not have a real certificate - it's a
self-signed thing which works in theory but will cause connection
failures in .NET unless you take measures to ignore those errors.  The
problem I ended up with is the browser reported an infinite redirect
because the web app could never perform the validation callback because
the SSL CONNECT was failing due to an untrusted root error.

The System.Net.ServicePointManager.ServerCertificateValidationCallback
gives you a way to ignore errors with SSL certificates.  I modified the
Global.asax of the ExampleWebSite to ignore these errors.  WARNING: you
should not use this setup for a production system; the code I've given
will happily accept any SSL Cert, no matter how bogus.  You can check
the docs for RemoteCertificateValidationCallback to see how you can
refine it to ignore only certain classes of problems, but I still
wouldn't recommend modifying the default behavior on any kind of
publicly accessible system - this kind of trick is strictly for
development environments.

<%@ Application Language="C#" %>
<%@ Import Namespace="System.Net.Security" %>
<%@ Import Namespace="System.Security.Cryptography.X509Certificates" %>

<script runat="server">

    public bool RemoteCertificateValidationCallback(
        Object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // DANGEROUS!  completely disable SSL validation if the test
        // server has a bad Cert / bad Cert chain
        return true;
    }

    void Application_Start(object sender, EventArgs e)
    {
        log4net.Config.XmlConfigurator.Configure();

        // WARNING: Disable SSL validation for all WebRequests out of
        // this application.  DO NOT use this on a production server!
        System.Net.ServicePointManager.ServerCertificateValidationCallback +=
            RemoteCertificateValidationCallback;
    }

</script>
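
The refinement mentioned above (ignoring only certain classes of problems), as an added example that is not part of the original post: a callback that tolerates an untrusted root only when the certificate is one known test certificate, and still rejects name mismatches, expiry and every other certificate. The class name DevCertValidation and the PinnedThumbprint placeholder are assumptions; the class would live in App_Code and Register() would be called from Application_Start.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class, not part of the CAS .NET client.
public static class DevCertValidation
{
    // Placeholder: SHA-1 thumbprint (hex, no spaces) of the test server's
    // self-signed certificate. Replace with the value from your own server.
    private const string PinnedThumbprint = "REPLACE_WITH_TEST_SERVER_CERT_THUMBPRINT";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that validates normally needs no special handling.
        if (errors == SslPolicyErrors.None)
            return true;

        // Tolerate chain errors only: a name mismatch or a missing
        // certificate is still a failure.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors
            || certificate == null || chain == null)
            return false;

        // Every chain problem must be "untrusted root"; an expired or
        // revoked certificate is still rejected.
        bool onlyUntrustedRoot = chain.ChainStatus.Length > 0
            && chain.ChainStatus.All(s => s.Status == X509ChainStatusFlags.UntrustedRoot);
        if (!onlyUntrustedRoot)
            return false;

        // Finally, the certificate must be the one known test certificate.
        return string.Equals(certificate.GetCertHashString(), PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Call once at startup, e.g. from Application_Start in Global.asax.
    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback += Validate;
    }
}
```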
