Could not establish secure channel for SSL/TLS

I have a WCF service that is set up to use server and client certificates like this:

    ServiceHostFactory.CreateService<MyAppClientService>($"https://localhost:{serverSettings.SmartCardSSLPort}/MyApp5Service/Sll")
        .UseProtobuf()
        .AddServiceBehavior(new CustomServiceBehavior_ClientService())
        .AddAuthorizationPolicy(new CustomAuthorizationPolicy_ClientService())
        .UseSecureConnection(environmentSettings.SecureConnection)
        .UseThrottling()
        .Start(EndpointService.CreateNetHttpsBinding(true));

    await ServiceHandler.RegisterClientServiceToConsul(MyAppServices.ClientServer_Smartcard, serverSettings.SmartCardSSLPort);

    public ServiceHostBuilder<T> UseSecureConnection(SecureConnectionSettings settings)
    {
        if (settings != null && settings.Enabled)
        {
            Console.WriteLine("Setting certificates");
            X509Store store = new X509Store(settings.CertificateStore, settings.CertificateLocation);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, settings.Thumbprint, true);
            store.Close();

            if (certs.Count > 0)
            {
                _serviceHost.Credentials.ServiceCertificate.SetCertificate(settings.CertificateLocation,
                    settings.CertificateStore, X509FindType.FindByThumbprint, settings.Thumbprint);
            }
            else
                throw new Exception("Could not find certificate with thumbprint " + settings.Thumbprint);
        }
        return this;
    }

    public static NetHttpsBinding CreateNetHttpsBinding(bool requiredClientCertificate = false)
    {
        var binding = new NetHttpsBinding();
        SetBindingSettings(binding);
        binding.Security = new BasicHttpsSecurity();
        binding.Security.Mode = BasicHttpsSecurityMode.Transport;
        binding.Security.Transport = new HttpTransportSecurity();

        if (requiredClientCertificate)
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        else
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        return binding;
    }

The client creates the channel like this:

    private async Task<ChannelFactory<T>> CreateChannelFactory(LoginTypeBase loginType, OrbitToken token)
    {
        var service = await _ConsulService.GetServiceBlocking(loginType.OrbitServicesToUse, forceRefresh: true, token: new CancellationTokenSource(TimeSpan.FromSeconds(30)).Token);

        if (service == null)
            throw new OrbitServiceCommunicationException();

        var cert = loginType.ClientCertificate;
        var uri = loginType.GetOrbitClientServiceURL(service.Address, service.Port);
        var header = AddressHeader.CreateAddressHeader(nameof(OrbitToken), nameof(OrbitToken), token);
        var endpointAddress = new EndpointAddress(uri, header);
        ServiceEndpoint serviceEndpoint = null;

        if (loginType.LoginType == LoginType.SmartCard || loginType.LoginType == LoginType.UsernamePasswordSLL)
        {
            var binding = new NetHttpsBinding("netHttpsBinding");
            binding.Security.Mode = BasicHttpsSecurityMode.Transport;

            if (loginType.LoginType == LoginType.SmartCard)
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
            else
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }
        else
        {
            var binding = new NetHttpBinding("netHttpBinding");
            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }

        serviceEndpoint.EndpointBehaviors.Add(new ProtoEndpointBehavior());
        serviceEndpoint.EndpointBehaviors.Add(new CustomMessageInspectorBehavior());

        var v = new ChannelFactory<T>(serviceEndpoint);
        if (loginType.LoginType == LoginType.SmartCard)
        {
            v.Credentials.ClientCertificate.Certificate = cert;
            //v.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
        }
        return v;
    }
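
When the smart card is inserted into the reader, a third-party program copies the certificates from the card to the local store. My application catches this change and uses one of the certificates as the client certificate.

The code above works fine the first time. When the client makes the first call to the service, the third-party program asks the user for the password, and if it is valid the communication continues.

The problem is that if I remove the smart card and then put it back, I get the SSL/TLS error when the next call to the service is made. At this point I have not created a new channel but am using the same channel as before I removed the card.

Is there something in .NET that makes this happen, or is it my third-party software that is blocking me? Maybe I have to create a new channel after the certificate has been removed?

Here is an example of the exception I get: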

    System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority '139.107.245.141:44310'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
       at System.ServiceModel.Channels.HttpChannelFactory orgEnhetList, List`1 tooltipKeys, List`1 userItems) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\Classes\Service Management\Service Agents\AkutlistanAgent.cs:line 88
       at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.buildGrid() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 550
       at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.SetArbetsstalle(List organisationsEnhetList, List`1 prioriteringsGruppList) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 1731
       at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.LoadControl() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 395
       at Myapp.Client.Main.GUI.Planering.ucOversiktsTabControl.loadPage() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\ucOversiktsTabControl.cs:line 703
       at Myapp.Client.Main.GUI.Planering.ucOversiktsTabControl..ctor() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\ucOversiktsTabControl.cs:line 68
       at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt.InitializeComponent() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.Designer.cs:line 180
       at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt..ctor() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.cs:line 147
       at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt.OpenForm() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.cs:line 112
       at Myapp.Client.Main.GUI.frmMainMyapp.OpenPlaningOverview() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\frmMainMyapp.cs:line 2265
       at Myapp.Client.Main.GUI.frmMainMyapp.navBarItemPlanering_LinkClicked(Object sender, NavBarLinkEventArgs e) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\frmMainMyapp.cs:line 619
       at DevExpress.XtraNavBar.NavBarItem.RaiseLinkEvent(Object linkEvent, NavBarItemLink link)
       at DevExpress.XtraNavBar.NavBarItem.RaiseLinkClicked(NavBarItemLink link)
       at DevExpress.XtraNavBar.NavBarItem.RaiseLinkClickedCore(NavBarItemLink link)
       at DevExpress.XtraNavBar.NavBarControl.RaiseLinkClicked(NavBarItemLink link)
       at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.DoLinkClick(NavBarHitInfo hitInfo)
       at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.DoClick(NavBarHitInfo hitInfo)
       at DevExpress.XtraNavBar.ViewInfo.NavigationPaneViewInfo.DoClick(NavBarHitInfo hitInfo)
       at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.OnMouseUp(MouseEventArgs e)
       at DevExpress.XtraNavBar.NavBarControl.OnMouseUp(MouseEventArgs ev)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at DevExpress.XtraNavBar.NavBarControl.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

Edit: I got a tip that MS WinInet might be the problem. To get past it, do I need to restart the application or somehow reset MS WinInet?

Maybe this is because of MS WinInet? – Banshee
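
One way to try the idea the question raises at the end, recreating the channel after the card has been re-inserted. This is an added example, not the poster's code: `ReconnectingFactory`, the `build` delegate and the use of the CurrentUser\My store are assumptions, and the page does not establish that this resolves the failure.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example: ReconnectingFactory and the build delegate are hypothetical names.
public sealed class ReconnectingFactory<T> where T : class
{
    private readonly string _thumbprint;
    private readonly Func<X509Certificate2, ChannelFactory<T>> _build; // e.g. wraps CreateChannelFactory
    private ChannelFactory<T> _factory;

    public ReconnectingFactory(string thumbprint, Func<X509Certificate2, ChannelFactory<T>> build)
    { _thumbprint = thumbprint; _build = build; }

    // Re-read the certificate (store assumed: CurrentUser\My) instead of reusing the pre-removal object.
    private X509Certificate2 LoadCertificate()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, _thumbprint, true);
        store.Close();
        if (found.Count == 0)
            throw new InvalidOperationException("Card certificate not in store: " + _thumbprint);
        return found[0];
    }

    public TResult Call<TResult>(Func<T, TResult> operation)
    {
        for (int attempt = 0; ; attempt++)
        {
            if (_factory == null) _factory = _build(LoadCertificate());
            T channel = _factory.CreateChannel();
            try
            {
                TResult result = operation(channel);
                ((IClientChannel)channel).Close();
                return result;
            }
            catch (SecurityNegotiationException) when (attempt == 0)
            {
                // Handshake failed: drop channel and factory, retry once with fresh ones.
                ((IClientChannel)channel).Abort();
                _factory.Abort();
                _factory = null;
            }
            catch { ((IClientChannel)channel).Abort(); throw; }
        }
    }
}
```

Unlike the code in the question, this opens a channel per call; a faulted WCF channel or factory cannot be reopened, so it is aborted rather than closed before the retry.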