C# 对SSPI的调用失败，请参阅第二次运行调用时的内部异常？_C#_.net_Wcf_Ssl_Certificate

C# 对SSPI的调用失败，请参阅第二次运行调用时的内部异常？

c# .net wcf ssl certificate

C# 对SSPI的调用失败，请参阅第二次运行调用时的内部异常？,c#,.net,wcf,ssl,certificate,C#,.net,Wcf,Ssl,Certificate,我有以下代码： public GetUserDataResponse GetUserDataFromService(X509Certificate2 certificate) { ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract> factory = new ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract>("Net

我有以下代码：

public GetUserDataResponse GetUserDataFromService(X509Certificate2 certificate)
{
    ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract> factory = new ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract>("NetTcpBinding_IMyApp4SITHSServiceContract_Certificate");
    MyApp4SITHSService.IMyApp4SITHSServiceContract service;
    GetUserDataResponse response;

    factory.Credentials.ClientCertificate.Certificate = certificate;
    //factory.Credentials.UserName.UserName = "me";
    //factory.Credentials.UserName.Password = "password";

    service = factory.CreateChannel();

    LogHandler.WriteLine("Connecting to service");
    response = service.GetUserData(new GetUserDataRequest());
    LogHandler.WriteLine("Data received");

    factory.Abort();
    return response;
}

public GetUserDataResponse GetUserDataFromService（X509Certificate2证书）
{
ChannelFactory工厂=新的ChannelFactory（“NetTcpBinding_imyapp4sithserviceContract_证书”）；
MyApp4SithService.imyapp4SithService合同服务；
GetUserDataResponse；
factory.Credentials.ClientCertificate.Certificate=证书；
//factory.Credentials.UserName.UserName=“我”；
//factory.Credentials.UserName.Password=“Password”；
service=factory.CreateChannel（）；
LogHandler.WriteLine（“连接到服务”）；
response=service.GetUserData（新的GetUserDataRequest（））；
LogHandler.WriteLine（“收到的数据”）；
factory.Abort（）；
返回响应；
}

第一次运行它时效果非常好，第二次在service.GetUserData上出现以下异常：

发生类型为“System.ServiceModel.Security.SecurityNegotiationException”的首次意外异常在mscorlib.dll中

调用SSPI失败，请参阅内部异常

无法联系当地安全机构

Im使用以下配置：

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="CertificateEndpointBehavior">
        <clientCredentials>
          <!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/>-->
          <!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>-->
          <serviceCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
    <bindings>
        <netTcpBinding>
            <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00"
                receiveTimeout="Infinite" sendTimeout="01:00:00" transactionFlow="false"
                transferMode="Buffered" transactionProtocol="OleTransactions"
                hostNameComparisonMode="StrongWildcard" listenBacklog="1000"
                maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
                maxConnections="200" maxReceivedMessageSize="2147483647">
                <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                    maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
                <reliableSession ordered="true" inactivityTimeout="Infinite"
                    enabled="false" />
                <security mode="Transport">
                    <transport clientCredentialType="Certificate" />
                    <message clientCredentialType="Certificate" />
                </security>
            </binding>
        </netTcpBinding>
    </bindings>
    <client>
        <endpoint address="net.tcp://localhost:8135/MyApp4SITHSService/Client/sll"
            behaviorConfiguration="CertificateEndpointBehavior" binding="netTcpBinding"
            bindingConfiguration="netTcpCertificate" contract="MyApp4SITHSService.IMyApp4SITHSServiceContract"
            name="NetTcpBinding_IMyApp4SITHSServiceContract_Certificate">
            <identity>
                <dns value="MyAppServer" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>

知道我为什么会遇到这个问题以及如何解决它吗？

原因是证书可能未被验证为受信任的，这里有一些链接，请尝试查看是否有问题。还要发布整个错误堆栈。

代码示例

服务器没有权限与本地计算机证书存储联系以验证传入证书的信任

请检查web.config或App.config文件中的“identity”元素。如果存在“标识”元素，则对其进行注释或删除。你的问题会解决的。

但这怎么可能呢？第一次就可以了？第二次是用与第一次相同的代码完成的？是的，听起来不错，但为什么第一次尝试时它工作，但在接下来的尝试中却从未工作过？它可以被成功验证，为什么第二次不起作用呢？

  <endpointBehaviors>

    <behavior name="ClientCertificateBehavior">

      <clientCredentials>

        <clientCertificate findValue="www.testclient.eu"

              storeLocation="CurrentUser" storeName="My"                              x509FindType="FindBySubjectName" />

        <serviceCertificate>

          <authentication

              trustedStoreLocation="CurrentUser"

              certificateValidationMode="PeerTrust"/>



          <defaultCertificate

             findValue='www.testsvc.eu'

             storeLocation='CurrentUser'

             storeName='My'

             x509FindType='FindBySubjectName' />

        </serviceCertificate>



      </clientCredentials>

    </behavior>

  </endpointBehaviors>

</behaviors>