Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/329.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# 建立TLS连接时忽略分配的客户端证书_C#_X509certificate_Tls1.2 - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# 建立TLS连接时忽略分配的客户端证书

C# 建立TLS连接时忽略分配的客户端证书

c#

C# 建立TLS连接时忽略分配的客户端证书,c#,x509certificate,tls1.2,C#,X509certificate,Tls1.2,在这个问题中,我试图使用服务器管理员提供的客户端证书从c#调用SOAP web服务。就像那个问题一样,我可以在浏览器中使用提供的证书访问web服务(他使用了CURL,我可以使用IE,但不能使用FF)。我已确定浏览器和下面的代码中使用了相同的证书,并且服务器支持TLS 1.2,这与链接问题不同-这是唯一使我的问题不同的地方 证书已导入到My和Root存储中,我可以在进行WS-method调用之前确定它已被找到并分配给WS-object实例 但在跟踪中,我可以看到它被忽略了: 系统.Net信息:0:

在这个问题中,我试图使用服务器管理员提供的客户端证书从c#调用SOAP web服务。就像那个问题一样,我可以在浏览器中使用提供的证书访问web服务(他使用了CURL,我可以使用IE,但不能使用FF)。我已确定浏览器和下面的代码中使用了相同的证书,并且服务器支持TLS 1.2,这与链接问题不同-这是唯一使我的问题不同的地方

证书已导入到
My
Root
存储中,我可以在进行WS-method调用之前确定它已被找到并分配给WS-object实例

但在跟踪中,我可以看到它被忽略了:

系统.Net信息:0:[5928] TlsStream#11958757::.ctor(主机=wsuat.domain.com,#证书=0)

我使用的代码非常简单,我从以前的开发人员那里继承了它,并在大约1年前被告知它“曾经工作过”。在证书分配行被注释掉的情况下,它在本地工作正常,但只要我尝试在打开双向SSL的情况下访问服务器上的WS,它就会失败:

using (ASoapClient client = new ASoapClient())
{
    try
    {
        //ServicePointManager.Expect100Continue = true;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        client.ClientCredentials.ClientCertificate.SetCertificate(
             StoreLocation.LocalMachine
            ,StoreName.Root // also can load from .My
            ,X509FindType.FindBySerialNumber // also can find by SubjectName
            ,"FA33.........................634"
        );
        SubmitResult rr = client.Submit(req);
    }
    catch(Exception ex)
    {
        MessageBox.Show(ex.Message, "Error submitting");
    }
}
当我将
Expect100Continue
设置为
true
时,我得到以下异常:

System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://wsuat.domain.com/wsuat/ws.asmx.
This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. 
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. 
---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
当我对此进行评论时,我得到以下信息:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'wsuat.domain.com'.
---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
正如经常发生的那样,当我绝望地问这个问题时,答案就被找到了。在中查找
basicHttpBinding
security模式,发现提到传输
clientCredentialType
属性

我添加了
transport
元素并将其设置为
Certificate
,如下所示,一切正常:

  <security mode="Transport">
    <transport clientCredentialType="Certificate" />
  </security>
正如经常发生的那样,当我绝望地问这个问题时,答案就被找到了。在中查找
basicHttpBinding
security模式,发现提到传输
clientCredentialType
属性

我添加了
transport
元素并将其设置为
Certificate
,如下所示,一切正常:

  <security mode="Transport">
    <transport clientCredentialType="Certificate" />
  </security>