0
正如在這個問題中Connecting to a Web Service using Client Certificate authentication我想從c#中使用由服務器管理員提供的客戶端證書調用SOAP Web服務。就像在那個問題中一樣,我可以在瀏覽器中使用提供的證書來訪問Web服務(他使用CURL,我可以使用IE 而不是FF)。我已經確定在瀏覽器和下面的代碼中使用了相同的證書,並且服務器支持TLS 1.2,這與鏈接問題不同 - 這是唯一讓我的問題不同的問題。建立TLS連接時忽略分配的客戶端證書
的證書已導入My和Root商店,我能確定它被發現並使得WS方法調用之前分配給WS對象實例。
但在跟蹤我可以看到,它被忽略:
System.Net信息:0:[5928] TlsStream#11958757 ::構造函數(主機= wsuat.domain.com, #certs = 0)
我使用的代碼非常簡單,我從之前的開發人員那裏繼承了它,並被告知它在大約1年前「曾經工作過」。隨着證書分配行註釋掉它工作正常,在當地,但只要我嘗試用雙向SSL開啓訪問服務器上的WS,它失敗:
using (ASoapClient client = new ASoapClient())
{
try
{
//ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
client.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine
,StoreName.Root // also can load from .My
,X509FindType.FindBySerialNumber // also can find by SubjectName
,"FA33.........................634"
);
SubmitResult rr = client.Submit(req);
}
catch(Exception ex)
{
MessageBox.Show(ex.Message, "Error submitting");
}
}
當我設置Expect100Continue到true我出現以下情況例外:
System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://wsuat.domain.com/wsuat/ws.asmx.
This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
當我評論說出來,我得到如下:
System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'wsuat.domain.com'.
---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)