Making HttpWebRequest work while having Fiddler decrypt SSL
Just a quick reminder to myself, so that I can forget about it...
Fiddler can act as a man-in-the-middle and decrypt SSL traffic, but then System.Net.Security rightfully complains about an invalid remote certificate ("The remote certificate is invalid according to the validation procedure."). This results in a System.Net.WebException "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.".
To prevent this from happening:
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
Just be sure to not include this in production code :-)
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
What do I replace ‘true’ with? My application wants to connect, but I get the error:
“The remote server returned an error: (401) Unauthorized.”
Comment by TheDirtyBird — 28 August 2008 @ 15:42
The only thing this line of code does, is accepting certificates regardless of their validity.
If you get a 401 response, this means that you need to provide credentials — that’s not affected by the
ServerCertificateValidationCallback. What happens if you go to that URL using a browser?Comment by Arnout — 28 August 2008 @ 15:55