Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/.net/24.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
.NET WebRequest使用SSL-can';我无法通过代理_.net_Ssl_Proxy - Fatal编程技术网
Fatal编程技术网
  • .net/
  • .NET WebRequest使用SSL-can';我无法通过代理

.NET WebRequest使用SSL-can';我无法通过代理

.net ssl proxy

.NET WebRequest使用SSL-can';我无法通过代理,.net,ssl,proxy,.net,Ssl,Proxy,我正试图使用SSL从.NET客户端向网站发出请求,我正努力通过公司代理。它一直告诉我403禁止:您的系统策略已拒绝访问请求的URL 这是我正在使用的代码: string uri = "https://www.website.com"; var request = (HttpWebRequest)WebRequest.Create(uri); request.KeepAlive = true; WebRequest.DefaultWebProxy.Credentials = CredentialC

我正试图使用SSL从.NET客户端向网站发出请求,我正努力通过公司代理。它一直告诉我
403禁止:您的系统策略已拒绝访问请求的URL

这是我正在使用的代码:

string uri = "https://www.website.com";
var request = (HttpWebRequest)WebRequest.Create(uri);
request.KeepAlive = true;
WebRequest.DefaultWebProxy.Credentials = CredentialCache.DefaultCredentials;
request.Method = "GET";
response = (HttpWebResponse)await request.GetResponseAsync();
关于这个问题的每个消息来源似乎都声称,将
放在App.config中是解决这个问题的灵丹妙药,但在这里似乎没有什么区别。在我看来,这与上面对
WebRequest.DefaultWebProxy.Credentials
的分配具有相同的效果,但是如果我删除分配并将声明保留在App.config中,我会得到一个错误
407:需要代理身份验证

我已经查看了Fiddler的实际流量。两个事务都由三条消息组成;前两个结果是407,我认为这是正确的。当IE收到上一条消息中的状态
200:Connection-builded
时,我的程序反而得到
403:probled

详细查看内容,唯一的区别是IE使用HTTP/1.0而不是1.1,并提供了更多信息,如用户代理、内容长度、DNT和Pragma。我猜这些都与问题无关,我还没有弄清楚如何设置它们

无论我尝试连接到哪个URL,行为都是相同的。如果我绕过代理服务器,它就会工作

有人能解释一下吗?提前谢谢

编辑:来自Fiddler的详细信息如下。这会很长,但我们要做的是:

.NET客户端发出以下消息:

CONNECT www.website.com:443 HTTP/1.1
Host: www.website.com
Proxy-Connection: Keep-Alive
对于IE,第一条信息是:

CONNECT www.website.com:443 HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: www.website.com
Content-Length: 0
DNT: 1
Proxy-Connection: Keep-Alive
Pragma: no-cache
在这两种情况下,代理人的答复如下:

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE
Proxy-Authenticate: NTLM
Proxy-Authenticate: BASIC realm="[...]"
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: [...]; Path=/
Connection: close
Content-Length: 849
Proxy-Support: Session-Based-Authentication

["Credentials are missing."]
来自.NET的协商消息:

CONNECT www.website.com:443 HTTP/1.1
Proxy-Authorization: Negotiate [...]
Host: www.website.com

CONNECT www.website.com:443 HTTP/1.1
Proxy-Authorization: Negotiate [...]
Host: www.website.com
与IE相比:

CONNECT www.website.com:443 HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: www.website.com
DNT: 1
Proxy-Connection: Keep-Alive
Pragma: no-cache
Proxy-Authorization: Negotiate [...]
Content-Length: 0
来自代理的质疑:

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE [...]
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: Keep-Alive
Set-Cookie: ...; Path=/
Connection: Keep-Alive
Content-Length: 866
Proxy-Support: Session-Based-Authentication

["Another round of authentication is required."]
最后,来自.NET的挑战响应:

CONNECT www.website.com:443 HTTP/1.1
Proxy-Authorization: Negotiate [...]
Host: www.website.com

CONNECT www.website.com:443 HTTP/1.1
Proxy-Authorization: Negotiate [...]
Host: www.website.com
来自IE:

CONNECT www.website.com:443 HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: www.website.com
Proxy-Authorization: Negotiate [...]
DNT: 1
Proxy-Connection: Keep-Alive
Pragma: no-cache
Content-Length: 0

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)
Random: 54 FE A4 42 3B B5 14 66 0C F1 CE 6B BA 79 B8 EE B7 86 B1 4B 6E 76 F0 42 C6 07 7D 89 78 3E 13 DC
"Time": 2005-06-07 03:54:28
SessionID: empty
Extensions: 
    renegotiation_info  00
    server_name www.website.com
    status_request  OCSP - Implicit Responder
    elliptic_curves secp521r1 [0x19], secp256r1 [0x17], secp384r1 [0x18]
    ec_point_formats    uncompressed [0x0]
Ciphers: 
    [C014]  TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C013]  TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [C00A]  TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C009]  TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [0035]  TLS_RSA_AES_256_SHA
    [002F]  TLS_RSA_AES_128_SHA
    [0038]  TLS_DHE_DSS_WITH_AES_256_SHA
    [0032]  TLS_DHE_DSS_WITH_AES_128_SHA
    [000A]  SSL_RSA_WITH_3DES_EDE_SHA
    [0013]  SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [0005]  SSL_RSA_WITH_RC4_128_SHA
    [0004]  SSL_RSA_WITH_RC4_128_MD5

Compression: 
    [00]    NO_COMPRESSION
从代理到.NET客户端的响应如下:

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Content-Length: 642

[Your system policy has denied access to the requested URL.]
当IE收到:

HTTP/1.1 200 Connection established

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Aes256 256bits
Hash Algorithm: Sha1 160bits
Key Exchange: RsaKeyX 2048bits

== Server Certificate ==========
[...]
我还应该提到,我连接的网站是我们自己的ASP.NET网站,托管在外部服务器上。我假设问题出在代理上,而不是远程服务器上,因为如果我在没有代理的情况下连接,所有请求都可以工作。但是,我也可以通过使用普通的HTTP URI跳过HTTPS连接来完成

再次感谢

你能提供Fiddler的日志吗(去掉或替换任何凭证和IP地址)?@lowleveldesign当然,我已经编辑了这篇文章。听起来对你来说是个问题。询问他们代理策略是什么,这会让你更接近。@Dan-o谢谢。我很害怕。如果/当我设法从他们那里得到一些东西时,我会给你回电的根据IT服务,代理“可能”阻止所有未知程序通过SSL访问互联网。所以我想我还是要坚持下去。谢谢你的建议。