最近,我们的 Web 托管提供商将所有共享 ASP.NET 网站托管的信任级别改为中等。因此,我们在通过 PayPal 的 SOAP API 完成交易时遇到了一些问题。具体来说,会抛出 SecurityException 异常,堆栈跟踪如下:
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +58
System.Net.ServicePointManager.set_CertificatePolicy(ICertificatePolicy value) +54
com.paypal.sdk.core.APICallerBase.SetTrustManager() +30
com.paypal.sdk.core.soap.SOAPAPICaller..ctor() +14
com.paypal.sdk.services.CallerServices..ctor() +23
...
我追踪到了 PayPal SOAP SDK 中存在问题的源头。
/// <summary>
/// To Accept all un-trusted certificate
/// </summary>
private void SetTrustManager()
{
//This code is added to accept all un-trusted certificate i.e self-signed certificate
if (Config.Instance.TrustAll)
{
//ServicePointManager.CertificatePolicy = TrustAllCertificatePolicy.Instance;
ServicePointManager.CertificatePolicy = new MyPolicy();
}
} // SetTrustManager
有人知道需要对我们的项目和/或服务器进行哪些更改才能使 SDK 在中等信任环境中运行吗?是否有必要接受所有不受信任的证书?
答案1
恐怕不支持,您需要使用经典的 HTTPS 接口集成。否则,如果您想以任何方式使用 SDK,则必须在服务器上启用完全信任模式。