C# 对SSPI的调用失败,请参阅第二次运行调用时的内部异常?
我有以下代码:C# 对SSPI的调用失败,请参阅第二次运行调用时的内部异常?,c#,.net,wcf,ssl,certificate,C#,.net,Wcf,Ssl,Certificate,我有以下代码: public GetUserDataResponse GetUserDataFromService(X509Certificate2 certificate) { ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract> factory = new ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract>("Net
public GetUserDataResponse GetUserDataFromService(X509Certificate2 certificate)
{
ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract> factory = new ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract>("NetTcpBinding_IMyApp4SITHSServiceContract_Certificate");
MyApp4SITHSService.IMyApp4SITHSServiceContract service;
GetUserDataResponse response;
factory.Credentials.ClientCertificate.Certificate = certificate;
//factory.Credentials.UserName.UserName = "me";
//factory.Credentials.UserName.Password = "password";
service = factory.CreateChannel();
LogHandler.WriteLine("Connecting to service");
response = service.GetUserData(new GetUserDataRequest());
LogHandler.WriteLine("Data received");
factory.Abort();
return response;
}
public GetUserDataResponse GetUserDataFromService(X509Certificate2证书)
{
ChannelFactory工厂=新的ChannelFactory(“NetTcpBinding_imyapp4sithserviceContract_证书”);
MyApp4SithService.imyapp4SithService合同服务;
GetUserDataResponse;
factory.Credentials.ClientCertificate.Certificate=证书;
//factory.Credentials.UserName.UserName=“我”;
//factory.Credentials.UserName.Password=“Password”;
service=factory.CreateChannel();
LogHandler.WriteLine(“连接到服务”);
response=service.GetUserData(新的GetUserDataRequest());
LogHandler.WriteLine(“收到的数据”);
factory.Abort();
返回响应;
}
第一次运行它时效果非常好,第二次在service.GetUserData上出现以下异常:
发生类型为“System.ServiceModel.Security.SecurityNegotiationException”的首次意外异常
在mscorlib.dll中
调用SSPI失败,请参阅内部异常
无法联系当地安全机构
Im使用以下配置:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="CertificateEndpointBehavior">
<clientCredentials>
<!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/>-->
<!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>-->
<serviceCertificate>
<authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="Infinite" sendTimeout="01:00:00" transactionFlow="false"
transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="1000"
maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
maxConnections="200" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="Infinite"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
<message clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://localhost:8135/MyApp4SITHSService/Client/sll"
behaviorConfiguration="CertificateEndpointBehavior" binding="netTcpBinding"
bindingConfiguration="netTcpCertificate" contract="MyApp4SITHSService.IMyApp4SITHSServiceContract"
name="NetTcpBinding_IMyApp4SITHSServiceContract_Certificate">
<identity>
<dns value="MyAppServer" />
</identity>
</endpoint>
</client>
</system.serviceModel>
知道我为什么会遇到这个问题以及如何解决它吗?原因是证书可能未被验证为受信任的,这里有一些链接,请尝试查看是否有问题。还要发布整个错误堆栈。 代码示例
服务器没有权限与本地计算机证书存储联系以验证传入证书的信任请检查web.config或App.config文件中的“identity”元素。如果存在“标识”元素,则对其进行注释或删除。你的问题会解决的。但这怎么可能呢?第一次就可以了?第二次是用与第一次相同的代码完成的?是的,听起来不错,但为什么第一次尝试时它工作,但在接下来的尝试中却从未工作过?它可以被成功验证,为什么第二次不起作用呢?
<endpointBehaviors>
<behavior name="ClientCertificateBehavior">
<clientCredentials>
<clientCertificate findValue="www.testclient.eu"
storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
<serviceCertificate>
<authentication
trustedStoreLocation="CurrentUser"
certificateValidationMode="PeerTrust"/>
<defaultCertificate
findValue='www.testsvc.eu'
storeLocation='CurrentUser'
storeName='My'
x509FindType='FindBySubjectName' />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>