Ignore certificate errors in development (SignalR) #16919
Comments
cedemax
changed the title
|
The problem here is you're now outside the bounds of how it would work in production. By trusting the certs properly you emulate what you would see in production, and you don't run the risk of turning cert validation off in production. |
I would use IWebHostEnvironment.IsDevelopment() to make sure that I only do this in development. The dev environment is different from the production environment also in the case that I have to put some extra build steps to ensure that my linux environment for service B trusts the self-signed certificate of my dev-PC, which runs service A. I would like to avoid this step. |
|
Okay I found a solution: This works for me at least |
The problem currently
I'm running service A under IIS on my windows dev PC, and service B on Kestrel in a linux docker container on the same PC. I'm trying to connect to a SignalR hub on service A from service B, but service B does not trust the self-signed certificate of service A. Everything works normally if I run B outside the container.
Proposed solution:
I would like to be able to just ignore certificate errors in the Development environment, since the other solution of installing the certificates in the docker container is more difficult.
Something like
or
Would be very easy to use, and easier to find than some platform dependent tutorial on installing certificates.
Additional context
A and B are both AspNetCore 3.0.0. I'm running both in Debug mode from Visual Studio 16.3.8.
SignalR .Net client is version 3.0.0
I found proposed solutions online, like using
ServicePointManager.ServerCertificateValidationCallback += (...) => true;, but the callback never gets called by the SignalR client. Is this a bug?The text was updated successfully, but these errors were encountered: