C# 获得;无法创建SSL/TLS安全通道“;
我有一些网站有时无法连接到第三方SOAP WS。当向第三方WS发出大量请求时,这种情况最为常见。因此,它并不是每次都失败,只是有几次失败——而且大多数情况下是在向第三方ws发出大量请求时 它已通过IIS加密在我们的本地服务器上修复。之前已选中所有已禁用复选框 但是在Azure WebApp上,我们无法控制这些设置-知道该怎么做吗 以下是绑定代码,以及第三方soap ws的更多内容:C# 获得;无法创建SSL/TLS安全通道“;,c#,web-services,azure,soap,tls1.2,C#,Web Services,Azure,Soap,Tls1.2,我有一些网站有时无法连接到第三方SOAP WS。当向第三方WS发出大量请求时,这种情况最为常见。因此,它并不是每次都失败,只是有几次失败——而且大多数情况下是在向第三方ws发出大量请求时 它已通过IIS加密在我们的本地服务器上修复。之前已选中所有已禁用复选框 但是在Azure WebApp上,我们无法控制这些设置-知道该怎么做吗 以下是绑定代码,以及第三方soap ws的更多内容: public static CustomBinding GetDefaultBinding()
public static CustomBinding GetDefaultBinding()
{
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
AsymmetricSecurityBindingElement securityElement = new AsymmetricSecurityBindingElement();
securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
securityElement.InitiatorTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never);
securityElement.RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never);
securityElement.ProtectTokens = true;
securityElement.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
securityElement.RequireSignatureConfirmation = true;
securityElement.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
securityElement.EnableUnsecuredResponse = true;
securityElement.IncludeTimestamp = true;
securityElement.SetKeyDerivation(false);
securityElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
securityElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
securityElement.AllowSerializedSigningTokenOnReply = true;
CustomBinding myBinding = new CustomBinding();
myBinding.Elements.Add(securityElement);
TextMessageEncodingBindingElement element = new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8);
element.ReaderQuotas.MaxStringContentLength = int.MaxValue;
element.ReaderQuotas.MaxDepth = int.MaxValue;
element.ReaderQuotas.MaxArrayLength = int.MaxValue;
element.ReaderQuotas.MaxBytesPerRead = int.MaxValue;
element.ReaderQuotas.MaxNameTableCharCount = int.MaxValue;
myBinding.Elements.Add(element);
HttpsTransportBindingElement httpsBindingElement = new HttpsTransportBindingElement();
httpsBindingElement.RequireClientCertificate = true;
httpsBindingElement.MaxBufferPoolSize = int.MaxValue;
httpsBindingElement.MaxBufferSize = int.MaxValue;
httpsBindingElement.MaxReceivedMessageSize = int.MaxValue;
httpsBindingElement.KeepAliveEnabled = false;
httpsBindingElement.AllowCookies = false;
myBinding.Elements.Add(httpsBindingElement);
myBinding.CloseTimeout = new TimeSpan(0, 10, 0);
myBinding.ReceiveTimeout = new TimeSpan(0, 10, 0);
myBinding.SendTimeout = new TimeSpan(0, 10, 0);
return myBinding;
}
private void ConfigureClientCredentials(ClientCredentials cc)
{
if (cc == null) return;
cc.UserName.UserName = Options.WebserviceUsername;
cc.UserName.Password = Options.AuthPassword;
cc.ClientCertificate.Certificate = Options.ClientCertificate;
cc.ServiceCertificate.DefaultCertificate = Options.IbaCertificate;
cc.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
}
private void ConfigureEndPoint(ServiceEndpoint endpoint)
{
endpoint.Contract.ProtectionLevel = ProtectionLevel.EncryptAndSign;
endpoint.EndpointBehaviors.Add(new CustomEndpointBehavior());
}
第三方SOAP WS在一台服务器上配置了错误的SSL/芯片(负载平衡器设置),这导致了问题-因此在我的代码中这不是问题。很快-很好。最后一个提示:我想你可能想读一读关于干净代码的书(罗伯特·马丁的伟大著作)。您的代码可能会从中受益。