使用證書認證訪問Web服務和HTTP接口

Question

這是我第一次使用證書認證。 商業合作伙伴公開兩種服務，即XML Web服務和HTTP服務。我必須使用.NET客戶端訪問它們。

我已經試過

0設置

我已經安裝了SSLCACertificates（根和兩個中間）的環境和我的本地機器的客戶證書（勝7專業）使用certmgr.exe。

1.對於Web服務

• 我有客戶證書（DER）。
• 該服務將通過.NET代理服務器消耗。

下面的代碼：

OrderWSService proxy = new OrderWSService(); 
string CertFile = "ClientCert_DER.cer"; 

proxy.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(CertFile)); 
orderTrackingTO ot = new orderTrackingTO() { order_id = "80", tracking_id = "82", status = stateOrderType.IN_PREPARATION }; 
resultResponseTO res = proxy.insertOrderTracking(ot); 

異常在最後的陳述報告：The request failed with an empty response。

2.對於HTTP接口

• 它是HTTPS接口I具有通過POST方法來調用。
• 將使用HTTPWebRequest從.NET客戶端發送HTTPS請求。

下面的代碼：

string PostData = "MyPostData"; 

//setting the request 
HttpWebRequest req; 
req = (HttpWebRequest)HttpWebRequest.Create(url); 
req.UserAgent = "MyUserAgent"; 
req.Method = "POST"; 
req.ContentType = "application/x-www-form-urlencoded"; 
req.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(CertFile, "MyPassword")); 

//setting the request content 
byte[] byteArray = Encoding.UTF8.GetBytes(PostData); 
Stream dataStream = req.GetRequestStream(); 
dataStream.Write(byteArray, 0, byteArray.Length); 
dataStream.Close(); 

//obtaining the response 
WebResponse res = req.GetResponse(); 
r = new StreamReader(res.GetResponseStream()); 

異常在最後的陳述報告：The request was aborted: Could not create SSL/TLS secure channel。

3.最後一次嘗試：使用瀏覽器

在Chrome中安裝證書後，如果我嘗試訪問這兩個URL我得到一個107錯誤：

Error 107 (net::ERR_SSL_PROTOCOL_ERROR) 

我卡住了。

Answer 1

下面應該可以幫助您確定問題，以下是測試SSL連接的兩種方法，一種是測試站點，另一種是回調方法以確定SSL失敗的原因。如果沒有別的，它應該給你一個更好的想法，爲什麼它失敗。

當調用該方法時，它將彈出選擇證書對話框，顯然，當你這樣做的時候，你會想自動從證書存儲區讀取數據。我之所以這樣做是因爲如果找不到有效的證書，那麼您將知道您的問題與證書的安裝方式有關。

做的最好的事情是把這個代碼在一個簡單的控制檯應用程序：

using System.Security.Cryptography.X509Certificates; 
using System.Net.Security; 
using System.Net; 

private static void CheckSite(string url, string method) 
{ 
    X509Certificate2 cert = null; 
    ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate; 

    X509Store store = new X509Store(StoreLocation.LocalMachine); 
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); 
    X509Certificate2Collection certcollection = (X509Certificate2Collection)store.Certificates; 
    // pick a certificate from the store 
    cert = X509Certificate2UI.SelectFromCollection(certcollection, 
      "Caption", 
      "Message", X509SelectionFlag.SingleSelection)[0]; 

    store.Close(); 

    HttpWebRequest ws = (HttpWebRequest)WebRequest.Create(url); 
    ws.Credentials = CredentialCache.DefaultCredentials; 
    ws.Method = method; 
    if (cert != null) 
     ws.ClientCertificates.Add(cert); 

    using (HttpWebResponse webResponse = (HttpWebResponse)ws.GetResponse()) 
    { 
     using (Stream responseStream = webResponse.GetResponseStream()) 
     { 
      using (StreamReader responseStreamReader = new StreamReader(responseStream, true)) 
      { 
       string response = responseStreamReader.ReadToEnd(); 
       Console.WriteLine(response); 
       responseStreamReader.Close(); 
      } 

      responseStream.Close(); 
     } 
     webResponse.Close(); 
    } 
} 

/// <summary> 
/// Certificate validation callback. 
/// </summary> 
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error) 
{ 
    // If the certificate is a valid, signed certificate, return true. 
    if (error == System.Net.Security.SslPolicyErrors.None) 
    { 
     return true; 
    } 

    Console.WriteLine("X509Certificate [{0}] Policy Error: '{1}'", 
     cert.Subject, 
     error.ToString()); 

    return false; 
}