C# 无法为具有“localhost”权限的SSL/TLS安全通道建立信任关系_C#_Asp.net Mvc_Wcf_Ssl

C# 无法为具有“localhost”权限的SSL/TLS安全通道建立信任关系

c# asp.net-mvc wcf ssl

C# 无法为具有“localhost”权限的SSL/TLS安全通道建立信任关系,c#,asp.net-mvc,wcf,ssl,C#,Asp.net Mvc,Wcf,Ssl,对我来说又是一个奇怪的问题在我将wcf从http重新集中到https之后，当我尝试调用非UI的.svc方法时，我开始遇到此异常，即无法为SSL/TLS安全通道建立信任关系，权限为“localhost”的问题。同样在InnerException中，我得到了这样一个消息：根据验证过程，远程证书无效我有： FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");

对我来说又是一个奇怪的问题

在我将wcf从http重新集中到https之后，当我尝试调用非UI的.svc方法时，我开始遇到此异常，即无法为SSL/TLS安全通道建立信任关系，权限为“localhost”的问题。同样在InnerException中，我得到了这样一个消息：根据验证过程，远程证书无效

我有：

            FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");

            if (Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("SkipServerCertificateValidation") == "true")
            {
                ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
            }

  <system.identityModel>
    <identityConfiguration>
      <certificateValidation certificateValidationMode="None"/>
    </identityConfiguration>
  </system.identityModel>

在Globasl.asax中

我有：

            FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");

            if (Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("SkipServerCertificateValidation") == "true")
            {
                ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
            }

  <system.identityModel>
    <identityConfiguration>
      <certificateValidation certificateValidationMode="None"/>
    </identityConfiguration>
  </system.identityModel>

在Web.config中

我的装订是：

<behaviors>
  <serviceBehaviors>
    <behavior name="CustomeBehavior">
      <serviceAuthorization principalPermissionMode="Custom">
        <authorizationPolicies>
          <add policyType="Security.BusinessAuthorizationPolicy, Security" />
        </authorizationPolicies>
      </serviceAuthorization>
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
    <behavior name="SecurityOff">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<protocolMapping>
  <add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" />

<bindings>
  <basicHttpsBinding>
    <binding name="BasicHttpsBinding" sendTimeout="00:05:00" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
      <readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </basicHttpsBinding>
</bindings>

我看不出哪里会有问题。此外，我仍然能够从HomeController调用.svc方法，而不会出现任何问题

所以，我的问题是——这可能是什么，为什么在从http更改为https后会发生这种情况，或者还有其他原因

编辑：客户端设置：

public static ChannelFactory<IBusiness> CreateFactory()
        {
            var authorization = new Authorization()
            {
                Key = GlobalConfig.BusinessAuthorizationKey
            };
            AddressHeader header = AddressHeader.CreateAddressHeader(authorization);
            var address = new EndpointAddress(new Uri(ClientConfig.BusinessServiceEndpoint), header);
            var channel = new ChannelFactory<IBusiness>(address.ResolveBinding(), address);

            var bind = Helper.ResolveBinding(address);

            if (bind is BasicHttpBinding)
            {
                var bindings = bind as BasicHttpBinding;

                bindings.MaxBufferPoolSize = 2147483647;
                bindings.MaxBufferSize = 2147483647;
                bindings.MaxReceivedMessageSize = 2147483647;
                bindings.MessageEncoding = WSMessageEncoding.Text;
                bindings.ReaderQuotas.MaxArrayLength = 2147483647;
                bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
                bindings.ReaderQuotas.MaxDepth = 2147483647;
                bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
                bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
                bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

                channel.Endpoint.Binding = bindings;
            }
            else
            {
                var bindings = bind as BasicHttpsBinding;

                bindings.MaxBufferPoolSize = 2147483647;
                bindings.MaxBufferSize = 2147483647;
                bindings.MaxReceivedMessageSize = 2147483647;
                bindings.MessageEncoding = WSMessageEncoding.Text;
                bindings.ReaderQuotas.MaxArrayLength = 2147483647;
                bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
                bindings.ReaderQuotas.MaxDepth = 2147483647;
                bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
                bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
                bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

                channel.Endpoint.Binding = bindings;
            }

            return channel;
        }

我想你无论如何都需要得到有效的证书。同时，您可以尝试使用powershell中的信息创建自签名证书

get-help about_signing

此外，您还需要将证书添加到IIS中，以便处理它

我只是加了一句

ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;

在工厂创建中。这个东西以前在一次调用后从未刷新过，这就是我在一切正常时出现此错误的原因。

Em..我是否理解正确，我需要将IIS中的自签名证书添加到我的业务服务中？嗯，多亏了尝试，但我已经绑定了自签名证书。刚刚发现。更新了我的问题。据我所知，我应该在我的通道中禁用证书验证，这是最糟糕的解决方案。请看这个答案的人不要这样做。这完全绕过了证书验证，这意味着您绕过了SSL/TLS应该提供的中间人保护。正确的做法是找出您的证书无法验证的原因，然后修复该问题，而不是绕过它。