連接到AWS上的Windows Server Service Bus

Question

我正在使用新的Windows Server Service Bus 1.0 Beta開始使用新項目。我正嘗試在AWS EC2虛擬機上設置測試環境。

我在AWS EC2上運行的Windows Server 2008 R2實例上安裝了服務總線，並根據MSDN文檔中的示例設置了新的服務器場，容器和主機。我已經在服務器上打開了所有正確的端口（4443和9354）。我也按照[本頁] [1]中的說明將自己生成的證書導出到我的客戶機器上。

我有一個非常簡單的C＃程序，它創建隊列，排隊消息並接收它。當我將可執行文件複製到VM並在那裏運行時，該程序正常工作，所以我相信我正確使用了API。但是，當我從本地開發框指向AWS服務器運行程序時，我遇到了安全異常。

我的代碼如下所示：

var servername = "X.X.X.X"; // <-- An IP Address, not FQDN 
var sbNamespace = "MyNamespace"; 
var httpPort = 4446; 
var tcpPort = 9354; 

//create SB uris 
var rootAddressManagement = ServiceBusEnvironment.CreatePathBasedServiceUri("sb", sbNamespace, string.Format("{0}:{1}", servername, httpPort)); 
var rootAddressRuntime = ServiceBusEnvironment.CreatePathBasedServiceUri("sb", sbNamespace, string.Format("{0}:{1}", servername, tcpPort)); 

var tokenProvider = TokenProvider.CreateWindowsTokenProvider(new List<Uri>() { rootAddressManagement }); 
var namespaceManager = new NamespaceManager(rootAddressManagement, 
    new NamespaceManagerSettings() 
    { 
     TokenProvider = tokenProvider 
    }); 
var factory = MessagingFactory.Create(rootAddressRuntime, 
    new MessagingFactorySettings() 
    { 
     TokenProvider = tokenProvider, 
     //OperationTimeout = TimeSpan.FromMinutes(30) 
    }); 

if (!namespaceManager.QueueExists("OrderQueue")) <-- EXCEPTION OCCURRS HERE 
{ 
    // Code to create a queue that is never reached. 
} 

我的異常跟蹤看起來是這樣的：

[Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations+GetAsyncResult`1[[Microsoft.ServiceBus.Messaging.QueueDescription, Microsoft.ServiceBus, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]] IteratorAsyncResult failed to move to the next step due to an exception; System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. 
    at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) 
    at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) 
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) 
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) 
    at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) 
    at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) 
    at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) 
    at System.Net.ConnectStream.WriteHeaders(Boolean async) 
    --- End of inner exception stack trace --- 
    at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) 
    at System.Net.HttpWebRequest.GetRequestStream() 
    at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn) 
    --- End of inner exception stack trace --- 
    at Microsoft.ServiceBus.TokenProviderHelper.ThrowException(Uri requestUri, WebException exception) 
    at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn) 
    at Microsoft.ServiceBus.WindowsTokenProvider.OnBeginGetWebToken(String appliesTo, String action, TimeSpan timeout, AsyncCallback callback, Object state) 
    at Microsoft.ServiceBus.TokenProvider.GetWebTokenAsyncResult..ctor(TokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state) 
    at Microsoft.ServiceBus.TokenProvider.BeginGetWebToken(String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state) 
    at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout) 
    --- End of inner exception stack trace --- 
    at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout) 
    at Microsoft.ServiceBus.Messaging.HttpWebRequestExtensions.AddAuthorizationHeader(HttpWebRequest request, ITokenProvider tokenProvider, Uri baseAddress, String action) 
    at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult`1.<GetAsyncSteps>d__c.MoveNext() 
    at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.MoveNextStep() 
A first chance exception of type 'System.UnauthorizedAccessException' occurred in Microsoft.ServiceBus.dll 
System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. 
    at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) 
    at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) 
    at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) 
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) 
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) 
    at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) 
    at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) 
    at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) 
    at System.Net.ConnectStream.WriteHeaders(Boolean async) 
    --- End of inner exception stack trace --- 
    at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) 
    at System.Net.HttpWebRequest.GetRequestStream() 
    at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn) 
    --- End of inner exception stack trace --- 
    at Microsoft.ServiceBus.TokenProviderHelper.ThrowException(Uri requestUri, WebException exception) 
    at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn) 
    at Microsoft.ServiceBus.WindowsTokenProvider.OnBeginGetWebToken(String appliesTo, String action, TimeSpan timeout, AsyncCallback callback, Object state) 
    at Microsoft.ServiceBus.TokenProvider.GetWebTokenAsyncResult..ctor(TokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state) 
    at Microsoft.ServiceBus.TokenProvider.BeginGetWebToken(String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state) 
    at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout) 
    --- End of inner exception stack trace --- 

Server stack trace: 
    at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout) 
    at Microsoft.ServiceBus.Messaging.HttpWebRequestExtensions.AddAuthorizationHeader(HttpWebRequest request, ITokenProvider tokenProvider, Uri baseAddress, String action) 
    at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult`1.<GetAsyncSteps>d__c.MoveNext() 
    at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.MoveNextStep() 
    at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state) 
    at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.Start() 

Exception rethrown at [0]: 
    at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result) 
    at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.End(IAsyncResult asyncResult) 
    at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.EndGet[TEntityDescription](IAsyncResult asyncResult) 
    at Microsoft.ServiceBus.NamespaceManager.OnEndQueueExists(IAsyncResult result) 
    at Microsoft.ServiceBus.NamespaceManager.EndQueueExists(IAsyncResult result) 
    at Microsoft.ServiceBus.NamespaceManager.QueueExists(String path) 
    at ServiceBusSandbox.ServiceBusSampleApp.CreateAQueue(NamespaceManager namespaceManager) in c:\Users\cent049\Documents\Visual Studio 2012\Projects\ServiceBusSandbox\ServiceBusSandbox\ServiceBusSampleApp.cs:line 15 
    at ServiceBusSandbox.ServiceBusSampleApp.Main(String[] args) in c:\Users\cent049\DocumentThe thread 'vshost.RunParkingWindow' (0x2608) has exited with code 0 (0x0). 

我有一種預感，這個問題是，我使用的IP地址連接虛擬機，而不是FQDN，但是我不知道如何確認，也不知道如何爲我的AWS服務器獲取域名。服務器有一個機器名稱，但只是在工作組「WORKGROUP」上，而不是在域上。

任何和所有的幫助將不勝感激。

Answer 1

使用CreateOAuthTokenProvider而不是CreateWindowsTokenProvider。

1. 首先，您需要在機器上創建一個帳戶：rootAddressManagement。
2. 將新創建的帳戶添加爲名稱空間的管理用戶。 Set-SBNamespace -Name「YourNamespace」 - 管理您的用戶
3. 由於您使用的是IP地址，請在對SB進行任何調用之前添加證書驗證碼。 ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback（（s，cert，chain，ssl）=> {return true;}）;第三，使用TokenProvider.CreateOAuthTokenProvider（new List（）{rootAddressManagement}，new NetworkCredential（「YouUser」，「YouPassword」））;第二步，使用TokenProvider.CreateOAuthTokenProvider

注：不指定機器名作爲YourUser

Answer 2

是的，你的預感是正確的一部分。您遇到此問題是因爲服務器使用的證書頒發給機器的FQDN，並且使用IP會導致證書名稱不匹配。

短期，您可以解決此通過使用CertificateValidation回調忽略錯誤： http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

從長遠來看，你可能要檢查如何讓虛擬機的面向外部的名稱，並使用與此相符的證書。

Answer 3

我陷入了同樣的錯誤。我遵循了第二篇文章中描述的步驟。但最終以 結束「這讓我更進了一步。我的應用程序確實連接並創建了隊列，但嘗試將消息放入隊列時失敗。我現在得到的消息是：System.IdentityModel.Tokens.SecurityTokenValidationException：X.509證書CN = MACHINE_NAME不在受信任的人員存儲區中。 X.509證書CN = MACHINE_NAME連鎖建築失敗。使用的證書具有無法驗證的信任鏈。替換證書或更改certificateValidationMode。吊銷功能無法檢查吊銷證書「。

Answer 4

我得到了一個壞消息和一個好消息。 壞消息頭被埋使用microsoft.servicebus.dll方法發送消息。 對於我來說，我不能使用Microsoft windows.servicebus.dll連接窗口服務總線。當我tryed送我被困在SendMessage函數操作並且不可能繼續超越該點的消息。 我懷疑的問題是 Publish to Azure Service Bus over http behind proxy 是在當前版本中的一個錯誤。

好消息是我設法使用rest API來完成所有的服務總線操作。

首先是使用microsft提供的以下代碼示例獲取身份驗證令牌。

http://msdn.microsoft.com/en-us/library/windowsazure/jj193003%28v=azure.10%29.aspx

一旦u得到操作的令牌休息（創建闕，發送郵件，recive消息）是相同的Windows Azure服務總線。請參閱有關服務總線操作的Microsoft文檔的詳細信息。

http://msdn.microsoft.com/en-us/library/windowsazure/hh690927.aspx 希望這對您有所幫助。 謝謝。