C# 无法为具有“localhost”权限的SSL/TLS安全通道建立信任关系
对我来说又是一个奇怪的问题 在我将wcf从http重新集中到https之后,当我尝试调用非UI的.svc方法时,我开始遇到此异常,即无法为SSL/TLS安全通道建立信任关系,权限为“localhost”的问题。 同样在InnerException中,我得到了这样一个消息:根据验证过程,远程证书无效 我有:C# 无法为具有“localhost”权限的SSL/TLS安全通道建立信任关系,c#,asp.net-mvc,wcf,ssl,C#,Asp.net Mvc,Wcf,Ssl,对我来说又是一个奇怪的问题 在我将wcf从http重新集中到https之后,当我尝试调用非UI的.svc方法时,我开始遇到此异常,即无法为SSL/TLS安全通道建立信任关系,权限为“localhost”的问题。 同样在InnerException中,我得到了这样一个消息:根据验证过程,远程证书无效 我有: FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");
FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");
if (Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("SkipServerCertificateValidation") == "true")
{
ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
}
<system.identityModel>
<identityConfiguration>
<certificateValidation certificateValidationMode="None"/>
</identityConfiguration>
</system.identityModel>
在Globasl.asax中
我有:
FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");
if (Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("SkipServerCertificateValidation") == "true")
{
ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
}
<system.identityModel>
<identityConfiguration>
<certificateValidation certificateValidationMode="None"/>
</identityConfiguration>
</system.identityModel>
在Web.config中
我的装订是:
<behaviors>
<serviceBehaviors>
<behavior name="CustomeBehavior">
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="Security.BusinessAuthorizationPolicy, Security" />
</authorizationPolicies>
</serviceAuthorization>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="SecurityOff">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" />
<bindings>
<basicHttpsBinding>
<binding name="BasicHttpsBinding" sendTimeout="00:05:00" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpsBinding>
</bindings>
我看不出哪里会有问题。此外,我仍然能够从HomeController调用.svc方法,而不会出现任何问题
所以,我的问题是——这可能是什么,为什么在从http更改为https后会发生这种情况,或者还有其他原因
编辑:
客户端设置:
public static ChannelFactory<IBusiness> CreateFactory()
{
var authorization = new Authorization()
{
Key = GlobalConfig.BusinessAuthorizationKey
};
AddressHeader header = AddressHeader.CreateAddressHeader(authorization);
var address = new EndpointAddress(new Uri(ClientConfig.BusinessServiceEndpoint), header);
var channel = new ChannelFactory<IBusiness>(address.ResolveBinding(), address);
var bind = Helper.ResolveBinding(address);
if (bind is BasicHttpBinding)
{
var bindings = bind as BasicHttpBinding;
bindings.MaxBufferPoolSize = 2147483647;
bindings.MaxBufferSize = 2147483647;
bindings.MaxReceivedMessageSize = 2147483647;
bindings.MessageEncoding = WSMessageEncoding.Text;
bindings.ReaderQuotas.MaxArrayLength = 2147483647;
bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
bindings.ReaderQuotas.MaxDepth = 2147483647;
bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
channel.Endpoint.Binding = bindings;
}
else
{
var bindings = bind as BasicHttpsBinding;
bindings.MaxBufferPoolSize = 2147483647;
bindings.MaxBufferSize = 2147483647;
bindings.MaxReceivedMessageSize = 2147483647;
bindings.MessageEncoding = WSMessageEncoding.Text;
bindings.ReaderQuotas.MaxArrayLength = 2147483647;
bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
bindings.ReaderQuotas.MaxDepth = 2147483647;
bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
channel.Endpoint.Binding = bindings;
}
return channel;
}
我想你无论如何都需要得到有效的证书。同时,您可以尝试使用powershell中的信息创建自签名证书
get-help about_signing
此外,您还需要将证书添加到IIS中,以便处理它 我只是加了一句
ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
在工厂创建中。这个东西以前在一次调用后从未刷新过,这就是我在一切正常时出现此错误的原因。Em..我是否理解正确,我需要将IIS中的自签名证书添加到我的业务服务中?嗯,多亏了尝试,但我已经绑定了自签名证书。刚刚发现。更新了我的问题。据我所知,我应该在我的通道中禁用证书验证,这是最糟糕的解决方案。请看这个答案的人不要这样做。这完全绕过了证书验证,这意味着您绕过了SSL/TLS应该提供的中间人保护。正确的做法是找出您的证书无法验证的原因,然后修复该问题,而不是绕过它。