I have two API projects, one that's based on the .NET Framework 4.6.2 (an old API) and one that's based on .NET Core 2.0. The old API can disable self-signed certificate validation quite simply:
System.Net.ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
However this code does not work in .NET Core (even though it compiles fine), and it is causing me issues when the API tries to communicate (specifically when it tries to get the discovery document from the identity server, which is behind a reverse proxy which, in this environment, has a self-signed certificate that it uses for https). I've seen similar questions on StackOverflow but all the answers have to do with how the HttpClient is created. The issue for me is that I have no control over how the HttpClient is created (the token validation is middleware and I don't see any way to control how it's creating the HttpClient), so I'm wondering if there is a global way in .NET Core to skip self-signed certificate validation?
EDIT: my issue seems closely related to this issue, however I have taken the self-signed certificated and loaded it into the trusted root of both the container (where the api is running) and my local machine (where the container is running) and I still get the certificate validation errors.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
