Suppress SSL Certificate through .Net Framework - ssl-certificate

if https shows any warning related to SSL certificate how to suppress this kind of warnings through .Net API call or any other ways to restrict through coding in .Net framework.
Referred these documents
ignore Certificate error
Bypass SSL certificate validation

Related

How to require a client certificate to a web application in IIS?

I have created an asp.net web application and deployed it in IIS10. The design of the application is to require a client certificate for each user which will be provided by us. For testing purposes I created a self-signed certificate using the makecert.exe and followed the instructions at https://blog.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/. I added the certificate in the MMC Personal Certificates.
I also configured the iisClientCertificateMappingAuthentication in the IIS Configuration Editor using the one-to-one mapping approach. When I tested it on the browser, at first it asked for a digital certificate (which is correct), but when I clicked the certificate I added on the bindings it returns an error "Your client certificate is either not trusted or is invalid."
What should be the problem here since the installed client certificate is already added in the IIS one to one mapping configuration? Do I need additional configuration in the IIS?

Ignoring SSL Errors with Flurl in Xamarin

I would like to have Flurl and the underlying HttpClient library ignore SSL errors so I can dev locally.
Specifically, I have a web api that requires a SSL certificate. I create a temporary one so I can dev locally, however Flurl and HttpClient return an error on the SSL check.
How can I disable the SSL error check?

IIS Express "localhost" Certificate

I need to test SSL on a (owin) self-hosted application. I have been successful when I generate my own certificate(s), and install with netsh.
However, I thought it would be useful to simply leverage the already existing Visual Studio "localhost" certificate; it is the one with the friendly name "IIS Express Developer Certificate". Accordingly, I register it with netsh.
However, now my HttpClient invocation always fails with this exception:
[System.Net.WebException] "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
inner exception:
[AuthenticationException] "The remote certificate is invalid according to the validation procedure."
Is there a fundamental reason why this won't work, or did I just miss something?
To be clear, I am not using IIS Express at all. I am simply using the certificate that is normally used by IIS Express.
By design. Neither IIS Express's certificate or the one you created are self-signed and not trusted by any party by default. Thus, HttpClient or any other built-in classes will refuse to connect.
If you install the certificate to Trusted Roots, then it should work fine. Or in code, you force .NET to trust the certificate via
https://msdn.microsoft.com/en-us/library/system.net.security.remotecertificatevalidationcallback%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396

wcf client certificate validation

We have a wcf service hosted in IIS. We like to restrict the client callers to known clients so we implemented a custom X509CertificateValidator. The service is configured with WSHttpBinding binding and IIS set to SSL and require client certificate. Everything is working as expected.
However, we found that we have other aspx pages hosted within the same site that should not require client certificate. It breaks our usage pattern.
I read that turning the IIS setting from Required Client Certificate to Accept Client certificate does not work. I tried this out, while still passing in the client cert from client and it seems to invoke my custom validator. However, using wcf proxy library, I'm unable to call it without a client cert to verify not passing one in.
If "accept client certificate" is not an option, what is the best alternative? Adding some type of message inspector?
Thanks very much in advance.

Consume Webservice in VS2010 using x.509 authentication

Google and stackoverflow seem to be silent on how to do this. I must be missing something but how do you get VS2010 to allow you to add a x.509 certificate and password to authenticate an SSL service reference so that you can add it to your project?
I am trying to connect to a webservice with an address similar to:
https://services.acme.com/abc/service.wsdl
It requires the x.509 cert and password retrieve the wsdl. This is easy to do in SoapUI, but I can't seem to decipher how to get this going in VS2010.
Okay, so for anyone else who may not know how certificates work in the Microsoft world, VS2010 uses whatever certs you have imported on your machine to try and authenticate. You have to go into IE>Internet Options>Content>Certificates and then import your certificate here. After that, VS2010 will automatically look there for a cert which matches the URL you are using for your wsdl.