Sunday, September 20, 2009

Another Code Snippet Test…

This time I’m trying to post code snippets … with another Plugin I found on my friend’s blog (Andrea Dottor).

using System;
 
public class Class1
{
    public Class1()
    {
    }
}

Will it be right-formatted ?

Posted by Igor Antonacci at 6:51 PM 0 comments Links to this post

Beginning ASP.NET MVC 1.0 is on my desk...

Since few weeks, I got Beginning with ASP.NET MVC 1.0 , a book from my friend Simone Chiaretta and Keyvan Nayyeri .
I really appreciated their very hard work described in blogs so I’m really eating all pages of their book.

beginningaspnetmvc-cover-small

I’m a novice in the ASP.NET MVC area but I’ve been a Web Programmers since I started my career: my really first work was as a stager to understand all technologies coming up from the raising Internet Era.

Since then, I changed a lot of “career paths” but, at the end, I really liked to write tons of Javascript beside Server-side code…and ASP.NET MVC brought this pleasure back.

I’ll try to keep you updated Chapter by Chapter, in the meanwhile I’m reading it so we can share the pleasure.

Stay tuned!

Posted by Igor Antonacci at 6:32 PM 0 comments Links to this post
Labels: ,

Thursday, September 3, 2009

SSL Certificate Validation in Web Services

Sometimes, when you’re at development stage, you create a “self-made” SSL certificate for your sites (IIS in our example);

Such certificate is not “really” valid as the Issuer is not a trusted Certificate Authority (remember, you created it).

When you’re developing a Web Service Client (or WCF Service Client) , Visual Studio creates the proxy for you but he doesn’t care of the issue above.

As soon as you call the Web Service (using an https protocol), you’ll receive

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The trick here is writing the following line of code ONCE in your application (at the beginning or, at least, BEFORE calling the Web Service) 

ServicePointManager.ServerCertificateValidationCallback += 
new RemoteCertificateValidationCallback(
    (obj, x509cert, chain, policyErrors ) => { return true; }
);

It overrides the method the .NET Framework calls to validate the certificate. In our case we use an anonymous delegate that returns ALWAYS true.

BE AWARE: it exposes you (and your application) to a very high risk if you put such code in production. SSL Certificate MUST BE ALWAYS valid (at least on prod environments smile_wink).

Posted by Igor Antonacci at 3:18 PM 1 comments Links to this post
Subscribe to: Posts (Atom)