我正在構建一個使用vb.net的web服務客戶端。 Web服務使用ssl,基本身份驗證進行安全保護,並且還需要客戶端證書。因此,我創建在Visual Studio的Web引用和提供的憑據:如何使用客戶端證書/相互認證來調用Web服務?
Dim cred As New System.Net.NetworkCredential("usr", "passwd")
Dim proxy As New SimpleFromLocal.simple
proxy.Credentials = cred
Console.WriteLine(proxy.helloWorld())
可正常工作,只要我關掉相互認證在服務器端。 我說像這樣的客戶端證書:
Dim cert As X509Certificate = X509Certificate.CreateFromCertFile(certFile)
proxy.ClientCertificates.Add(cert)
證書加載,但Web服務調用失敗。我可以發佈例外情況,但它是用德語發佈的,這本身就是一個問題。它基本上說:驗證失敗,因爲遠程站點關閉了連接。 我試着調試服務器端的ssl握手,看起來客戶端證書沒有被傳輸。
那麼我在這裏錯過了什麼?是否需要在本地機器上安裝客戶端證書?
編輯:引發的錯誤:
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. --->
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at CCClient.SimpleFromLocal.simple.helloWorld() in C:\TP\CCClient\CCClient\Web References\SimpleFromLocal\Reference.vb:Zeile 90.
at CCClient.Module1.clientWithProxy(NetworkCredential cred, String certFile)
in C:\TP\CCClient\CCClient\Module1.vb:Zeile 53.
在.NET中,有時需要指定握手 System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3; //使用SSL3避免握手問題 – 2016-09-26 01:45:16