Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/278.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# HTTPs客户端连接到Azure Web App上不带可信链(非可信CA)的服务器_C#_Ssl_Client_Ssl Certificate_Azure Web App Service - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# HTTPs客户端连接到Azure Web App上不带可信链(非可信CA)的服务器

C# HTTPs客户端连接到Azure Web App上不带可信链(非可信CA)的服务器

c# ssl

C# HTTPs客户端连接到Azure Web App上不带可信链(非可信CA)的服务器,c#,ssl,client,ssl-certificate,azure-web-app-service,C#,Ssl,Client,Ssl Certificate,Azure Web App Service,我已经被困了大约3天,试图连接到一个服务器,该服务器有一个未经可信CA签名的证书-您可以通过Azure Portal添加CA的证书-但没有任何影响 显然,HTTP使用的都是内核模块(!)HTTP.SYS 我看到的所有建议都可以忽略这一点,或者使用: ServicePointManager.ServerCertificateValidationCallback=Communicator.CustomServiceCertificateValidation; (或其请求本身的非全球对应方) 或者像

我已经被困了大约3天,试图连接到一个服务器,该服务器有一个未经可信CA签名的证书-您可以通过Azure Portal添加CA的证书-但没有任何影响

显然,HTTP使用的都是内核模块(!)HTTP.SYS

我看到的所有建议都可以忽略这一点,或者使用:

ServicePointManager.ServerCertificateValidationCallback=Communicator.CustomServiceCertificateValidation;

(或其请求本身的非全球对应方)

或者像这样:

 client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
                 new X509ServiceCertificateAuthentication()
                 {
                     CertificateValidationMode = X509CertificateValidationMode.Custom,
                     RevocationMode = X509RevocationMode.NoCheck,

                     //TrustedStoreLocation = StoreLocation.CurrentUser,
                     CustomCertificateValidator = new PermissiveCertificateValidator()

                 };
然而,两者都不会被调用

一些更重要的细节:

这项工作:

  try
        {
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
            using (var wc = new WebClient())
            {
                var res = wc.DownloadString("https://untrusted-root.badssl.com/");
                return Content(res);
            }
        }
        catch (Exception ex)
        {
            return Content(ex.ToString());
        }
但是,我需要使用客户端证书对自己进行身份验证—因此,请按照此处的说明进行操作:

我最终得到以下代码:

class ATWebClient : WebClient
{
    protected override WebRequest GetWebRequest(Uri address)
    {
        HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
        request.Headers.Add("SOAPAction", "https://servicos.portaldasfinancas.gov.pt/sgdtws/documentosTransporte/");
        X509Certificate2 cert = new X509Certificate2();
        //From user installed Certificates
        //cert.Import(_pathCertificate, _passwordCertificate, X509KeyStorageFlags.DefaultKeySet);
        //From FileSystem "Resources\Certificates"
        cert.Import(Common.Properties.Resources.testewebservices_novo, "TESTEwebservice", X509KeyStorageFlags.Exportable);

        // Output Certificate 
        //Utils.Log(string.Format("Cert Subject: [{0}], NotBefore: [{1}], NotAfter: [{2}]", cert.Subject, cert.NotBefore, cert.NotAfter));

        request.ClientCertificates.Add(cert);
        request.Method = "POST";
        request.ContentType = "text/xml; charset=utf-8";
        request.Accept = "text/xml";


        return request;
    }
现在我使用以下命令调用服务:

   try
    {

        ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
        ServicePointManager.CheckCertificateRevocationList = false;
        ServicePointManager.UseNagleAlgorithm = false;
        using (var wc = new ATWebClient())
        {
            //var res = wc.DownloadString("https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte");
            var res = wc.UploadString("https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte", "Test of content");
            return Content(res);
        }


    }
    catch (Exception ex)
    {
        return Json(ex);
    }
注意,是的,这是一个SOAP端点-我尝试发送有效的SOAP内容,但结果在这两种情况下是相同的,我得到以下异常:

基础连接已关闭:发送时发生意外错误。

堆栈跟踪:

   at System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)
   at System.Net.WebClient.UploadString(Uri address, String method, String data)
   at System.Net.WebClient.UploadString(String address, String data)
   at MagniWebApp.Controllers.HomeController.NonTrustedCATestEndpoint() in C:\Users\joao.antunes.Office2\source\repos\07. Platform\WebApp\MagniWebApp\Controllers\HomeController.cs:line 1154
内部异常的消息:


身份验证失败,因为远程方已关闭传输流。

有什么想法吗?!

像这样在自定义回调中硬代码返回true怎么样

 public string Ssl()
    {
        try
        {
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
            using (var wc = new WebClient())
            {
                var res = wc.DownloadString("https://untrusted-root.badssl.com/");
                Console.WriteLine(res);
                return res;
            }
        }
        catch (Exception ex)
        {
            return ex.ToString();
        }
    }
它甚至没有被调用!但是,当我将不受信任的CA添加到应用商店时,它会在本地执行-然而,这在Azure Web应用程序上不起作用!!我是否正确理解,您从azure web app调用不受信任的https服务器?那么试着像这样在主机上安装它怎么样
X509Certificate2Collection certificates=new X509Certificate2Collection();导入(certName、密码、x509keystrageflags.PersistKeySet)是!我这样做了,@Artem Kurianov,它给出了一个未找到的文件-这与存储AFAIK有关-因为我实际上在资源上有作为字节数组的证书(pfx)。这很奇怪。在我的azurewebapp中,它可以工作`public string Ssl(){try{ServicePointManager.ServerCertificateValidationCallback+=(发件人、证书、链、sslPolicyErrors)=>true;使用(var-wc=new-WebClient()){var-res=wc.DownloadString(“);返回res;}}}catch(Exception ex){return ex.ToString();}}}`终于有进展了!!谢谢!所以,您的代码可以工作了-这与我的代码不同,我的代码使用了HTTPWebRequest://Prepare Request HTTPWebRequest=(HTTPWebRequest)WebRequest.Create(_urlWebService);request.ServerCertificateValidationCallback+=Communicator.CustomServiceCertificateValidation;现在我只想知道如何在WebClient中添加客户端证书和其他内容!!有什么想法吗?