5
我使用客戶端證書身份驗證提供了.p12文件以通過SSL連接到Web服務。我使用cURL成功地在PHP中工作。這是我使用的選項執行的請求時:使用客戶端證書身份驗證連接到Web服務
$headers = array(
'Method: POST',
'Connection: Keep-Alive',
'User-Agent: PHP-SOAP-CURL',
'Content-Type: text/xml; charset=utf-8',
'SOAPAction: "'.$action.'"',
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $location);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_SSLCERT, $this->clientcert);
curl_setopt($ch, CURLOPT_SSLKEYTYPE, $this->clientcerttype);
curl_setopt($ch, CURLOPT_SSLKEY, $this->keyfile);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $this->keypassword);
curl_setopt($ch, CURLOPT_SSLVERSION, 3);
$response = curl_exec($ch);
現在我想用C#和.NET做同樣的任務,但我不斷收到錯誤「無法爲SSL建立安全通道/ TLS with authority':'。「。
我似乎沒有找到密鑰的問題,並且似乎沒有任何信任問題。儘管如此,還是有一些事情是不對的,沿線的某個地方。
我已經做了一個測試程序,只是爲了讓我可以測試一個基本的調用將起作用。
public void StartviaWSHttp()
{
var binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
binding.Security.Message.NegotiateServiceCredential = false;
binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
var baseAddress = new Uri("https://<host>:<port>/LineEndpoint1");
var endpointAddress = new EndpointAddress(baseAddress);
var client = new LinePortTypeClient(binding, endpointAddress);
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySerialNumber, "00d48a233bf4b77523");
Debug.Assert(client.ClientCredentials.ClientCertificate.Certificate.SerialNumber.ToLower() == "00d48a233bf4b77523");
var header = new ctSoapHeaderMsg();
var response = new object();
client.Open();
var responseCode = client.PerformFunction(ref header, "0893411111", out response);
client.Close();
Console.WriteLine("Response Code :" + responseCode);
Console.WriteLine("Response :" + response);
}
當我在當前用戶的個人/證書中查看證書時,它不報告有關信任的任何問題。在證書信息中,它表示該證書旨在用於以下目的:所有頒發策略和所有應用程序策略。認證路徑只有一個條目,並且證書狀態報告「此證書正常」。
我對這個問題感到不知所措。也許是信任問題,因爲我的PEER和HOST驗證關閉了PHP調用。我不確定這是否是C#的選項。
更新:(2013 8月9日) 我設立了System.Net和System.Net.Socket一些詳細的跟蹤。這是輸出的開始。
System.Net Verbose: 0 : [16124] WebRequest::Create(https://dsl-wholesale-testing.iinet.net.au:50500/LineEndpoint1)
System.Net Verbose: 0 : [16124] HttpWebRequest#58508234::HttpWebRequest(https://dsl-wholesale-testing.iinet.net.au:50500/LineEndpoint1#128335743)
System.Net Information: 0 : [16124] Current OS installation type is 'Client'.
System.Net Information: 0 : [16124] RAS supported: True
System.Net Verbose: 0 : [16124] Exiting HttpWebRequest#58508234::HttpWebRequest()
System.Net Verbose: 0 : [16124] Exiting WebRequest::Create() -> HttpWebRequest#58508234
System.Net Verbose: 0 : [16124] ServicePoint#36898364::ServicePoint(dsl-wholesale-testing.iinet.net.au:50500)
System.Net Information: 0 : [16124] Associating HttpWebRequest#58508234 with ServicePoint#36898364
System.Net Verbose: 0 : [16124] HttpWebRequest#58508234::GetRequestStream()
System.Net Information: 0 : [16124] Associating Connection#47995487 with HttpWebRequest#58508234
System.Net.Sockets Verbose: 0 : [16124] Socket#31002555::Socket(AddressFamily#2)
System.Net.Sockets Verbose: 0 : [16124] Exiting Socket#31002555::Socket()
System.Net.Sockets Verbose: 0 : [16124] Socket#6243847::Socket(AddressFamily#23)
System.Net.Sockets Verbose: 0 : [16124] Exiting Socket#6243847::Socket()
System.Net.Sockets Verbose: 0 : [16124] DNS::TryInternalResolve(dsl-wholesale-testing.iinet.net.au)
System.Net.Sockets Verbose: 0 : [16124] Socket#31002555::Connect(203.173.51.130:50500#-2110560113)
System.Net.Sockets Information: 0 : [16124] Socket#31002555 - Created connection from 192.168.190.202:55397 to 203.173.51.130:50500.
System.Net.Sockets Verbose: 0 : [16124] Exiting Socket#31002555::Connect()
System.Net.Sockets Verbose: 0 : [16124] Socket#6243847::Close()
System.Net.Sockets Verbose: 0 : [16124] Socket#6243847::Dispose()
System.Net.Sockets Verbose: 0 : [16124] Exiting Socket#6243847::Close()
System.Net Information: 0 : [16124] Connection#47995487 - Created connection from 192.168.190.202:55397 to 203.173.51.130:50500.
System.Net Information: 0 : [16124] TlsStream#29695768::.ctor(host=dsl-wholesale-testing.iinet.net.au, #certs=0)
System.Net Information: 0 : [16124] Associating HttpWebRequest#58508234 with ConnectStream#25001628
System.Net Verbose: 0 : [16124] Exiting HttpWebRequest#58508234::GetRequestStream() -> ConnectStream#25001628
System.Net Verbose: 0 : [16124] ConnectStream#25001628::Write()
System.Net Verbose: 0 : [16124] Data from ConnectStream#25001628::Write
System.Net Verbose: 0 : [16124] (printing 1024 out of 1206)
System.Net Verbose: 0 : [16124] 00000000 : 3C 73 3A 45 6E 76 65 6C-6F 70 65 20 78 6D 6C 6E : <s:Envelope xmln
線System.Net Information: 0 : [16124] TlsStream#29695768::.ctor(host=dsl-wholesale-testing.iinet.net.au, #certs=0)表明,沒有證書都被接走了使用,即使我已經附加證書到client.ClientCredentials.ClientCertificate,但我不知道爲什麼發生這種情況或如何讓它堅持下去。該證書的任何屬性必須與我連接的主機名相匹配嗎?
有趣。我使用完全相同的代碼和跟蹤中的相同TLS證書#0獲得完全相同的錯誤,但我確信服務器確實支持TLS 1.2。我不知道該怎麼做。 – ajeh
System.Net.ServicePointManager.SecurityProtocol是一個標誌,因此您可以通過按位或指定其他SecurityProtocolType。如果你只有Ss13,那麼任何Tls都會被忽略(假設你指的是C#代碼,而不是PHP Curl)。 – Reuben
Web服務綁定的安全元素需要一個附加元素''這是缺少的。添加它,一切工作。 –
ajeh