[Question title]: Could not establish secure channel for SSL/TLS
[Posted]: 2017-08-21 17:44:38
[Question]:

I have a WCF service set up to use server and client certificates, like this:

    // Host side: build the service host and start it with a binding that requires a client certificate.
    ServiceHostFactory.CreateService<MyAppClientService>($"https://localhost:{serverSettings.SmartCardSSLPort}/MyApp5Service/Sll")
        .UseProtobuf()
        .AddServiceBehavior(new CustomServiceBehavior_ClientService())
        .AddAuthorizationPolicy(new CustomAuthorizationPolicy_ClientService())
        .UseSecureConnection(environmentSettings.SecureConnection)
        .UseThrottling()
        .Start(EndpointService.CreateNetHttpsBinding(true)); // true = client certificate required
    await ServiceHandler.RegisterClientServiceToConsul(MyAppServices.ClientServer_Smartcard, serverSettings.SmartCardSSLPort);

    public ServiceHostBuilder<T> UseSecureConnection(SecureConnectionSettings settings)
    {
        if (settings != null && settings.Enabled)
        {
            Console.WriteLine("Setting certificates");
            // Look the server certificate up by thumbprint; validOnly = true returns only certificates
            // that pass chain and validity-period checks.
            X509Store store = new X509Store(settings.CertificateStore, settings.CertificateLocation);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, settings.Thumbprint, true);
            store.Close();

            if (certs.Count > 0)
            {
                // Let WCF load the server certificate from the store with the same search criteria.
                _serviceHost.Credentials.ServiceCertificate.SetCertificate(settings.CertificateLocation,
                    settings.CertificateStore, X509FindType.FindByThumbprint, settings.Thumbprint);
            }
            else
            {
                throw new Exception("Could not find certificate with thumbprint " + settings.Thumbprint);
            }
        }
        return this;
    }

    public static NetHttpsBinding CreateNetHttpsBinding(bool requiredClientCertificate = false)
    {
        var binding = new NetHttpsBinding();
        SetBindingSettings(binding);
        binding.Security = new BasicHttpsSecurity();
        binding.Security.Mode = BasicHttpsSecurityMode.Transport; // TLS at the transport layer
        binding.Security.Transport = new HttpTransportSecurity();

        // Client authentication is done with an X.509 certificate during the TLS handshake, or not at all.
        if (requiredClientCertificate)
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        else
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        return binding;
    }

The client creates the channel like this:

    private async Task<ChannelFactory<T>> CreateChannelFactory(LoginTypeBase loginType, OrbitToken token)
    {
        // Resolve the service address through Consul (30 s timeout).
        var service = await _ConsulService.GetServiceBlocking(loginType.OrbitServicesToUse, forceRefresh: true, token: new CancellationTokenSource(TimeSpan.FromSeconds(30)).Token);

        if (service == null)
            throw new OrbitServiceCommunicationException();

        var cert = loginType.ClientCertificate;
        var uri = loginType.GetOrbitClientServiceURL(service.Address, service.Port);

        var header = AddressHeader.CreateAddressHeader(nameof(OrbitToken), nameof(OrbitToken), token);
        var endpointAddress = new EndpointAddress(uri, header);

        ServiceEndpoint serviceEndpoint = null;
        if (loginType.LoginType == LoginType.SmartCard || loginType.LoginType == LoginType.UsernamePasswordSLL)
        {
            // HTTPS binding; only the smart-card login presents a client certificate.
            var binding = new NetHttpsBinding("netHttpsBinding");
            binding.Security.Mode = BasicHttpsSecurityMode.Transport;
            if (loginType.LoginType == LoginType.SmartCard)
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
            else
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }
        else
        {
            // Plain HTTP for the remaining login types.
            var binding = new NetHttpBinding("netHttpBinding");
            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }

        serviceEndpoint.EndpointBehaviors.Add(new ProtoEndpointBehavior());
        serviceEndpoint.EndpointBehaviors.Add(new CustomMessageInspectorBehavior());

        var v = new ChannelFactory<T>(serviceEndpoint);
        if (loginType.LoginType == LoginType.SmartCard)
        {
            // The certificate object captured here is what the factory presents for TLS client authentication.
            v.Credentials.ClientCertificate.Certificate = cert;
            //v.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
        }
        return v;
    }

When a smart card is inserted into the reader, a third-party program copies the certificates from the card into the local store.

My application catches this change and uses one of those certificates as the client certificate.

The code above works fine the first time. When the client calls the service for the first time, the third-party program asks the user for their PIN, and if it is valid the communication continues.

The problem is that if I remove the smart card and then put it back, I get the SSL/TLS error when the next call to the service is made? I am not creating a new channel at that point; I am using the same channel as before I removed the card.

Is this something happening in .NET, or is my third-party software blocking me? Perhaps I have to create a new channel after the certificate has been removed and put back in?

Here is an example of the exception I get:

    System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority '139.107.245.141:44310'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
       --- End of inner exception stack trace ---
       at MyApp.Client.Main.Classes.Controllers.ErrorHandler.UnwrapAgentException(Exception exception) in C:\MyApp\Produkter\MyApp Utveckling\Solution\MyApp.Client.Main\Classes\Controllers\ErrorHandler.cs:line 35
       at MyApp.Client.Main.ServiceManagement.ServiceAgents.AkutlistanAgent.GetAkutListan(List`1 orgEnhetList, List`1 tooltipKeys, List`1 userItems) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\Classes\Service Management\Service Agents\AkutlistanAgent.cs:line 88
       at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.buildGrid() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 550
       at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.SetArbetsstalle(List`1 orgEnhetList) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 1742
       at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.OrgEnhetList_EditValueChanged(Object sender, EventArgs e) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 1828
       at System.EventHandler.Invoke(Object sender, EventArgs e)
       at DevExpress.XtraEditors.Repository.RepositoryItem.RaiseEditValueChangedCore(EventArgs e)
       at DevExpress.XtraEditors.Repository.RepositoryItem.RaiseEditValueChanged(EventArgs e)
       at DevExpress.XtraEditors.BaseEdit.RaiseEditValueChanged()
       at DevExpress.XtraEditors.BaseEdit.OnEditValueChanged()
       at DevExpress.XtraEditors.TextEdit.OnEditValueChanged()
       at DevExpress.XtraEditors.BaseEdit.OnEditValueChanging(ChangingEventArgs e)
       at DevExpress.XtraEditors.TextEdit.OnEditValueChanging(ChangingEventArgs e)
       at DevExpress.XtraEditors.BaseEdit.set_EditValue(Object value)
       at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.SetActiveOrganisationEnhet(List`1 orgEnhetList, List`1 prioriteringsGruppList) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 1731
       at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.LoadControl() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 395
       at Myapp.Client.Main.GUI.Planering.ucOversiktsTabControl.loadPage() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\ucOversiktsTabControl.cs:line 703
       at Myapp.Client.Main.GUI.Planering.ucOversiktsTabControl..ctor() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\ucOversiktsTabControl.cs:line 68
       at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt.InitializeComponent() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.Designer.cs:line 180
       at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt..ctor() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.cs:line 147
       at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt.OpenForm() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.cs:line 112
       at Myapp.Client.Main.GUI.frmMainMyapp.OpenPlaningOverview() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\frmMainMyapp.cs:line 2265
       at Myapp.Client.Main.GUI.frmMainMyapp.navBarItemPlanering_LinkClicked(Object sender, NavBarLinkEventArgs e) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\frmMainMyapp.cs:line 619
       at DevExpress.XtraNavBar.NavBarItem.RaiseLinkEvent(Object linkEvent, NavBarItemLink link)
       at DevExpress.XtraNavBar.NavBarItem.RaiseLinkClicked(NavBarItemLink link)
       at DevExpress.XtraNavBar.NavBarItem.RaiseLinkClickedCore(NavBarItemLink link)
       at DevExpress.XtraNavBar.NavBarControl.RaiseLinkClicked(NavBarItemLink link)
       at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.DoLinkClick(NavBarHitInfo hitInfo)
       at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.DoClick(NavBarHitInfo hitInfo)
       at DevExpress.XtraNavBar.ViewInfo.NavigationPaneViewInfo.DoClick(NavBarHitInfo hitInfo)
       at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.OnMouseUp(MouseEventArgs e)
       at DevExpress.XtraNavBar.NavBarControl.OnMouseUp(MouseEventArgs ev)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at DevExpress.XtraNavBar.NavBarControl.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

Edit: I have a hint that MS WinInet might be the problem, and that to solve it I need to restart the application or somehow reset MS WinInet?

[Question comments]:

  • Could this be caused by MS WinInet?

Tags: c# wcf ssl certificate
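The question's `CreateChannelFactory` binds one `X509Certificate2` object to a `ChannelFactory<T>` for the factory's whole lifetime, so a card removal and reinsertion is invisible to the factory. Below is an added example (not code from the question or from the asker's project) of a small wrapper that rebinds: before each call it looks up the current certificate, rebuilds the factory when the thumbprint has changed or the factory is faulted, and on a `SecurityNegotiationException` discards the factory so the next call starts a fresh handshake instead of reusing the broken channel. The names `CertificateBoundChannel<T>`, `ClientCertificates.FindByThumbprint` and the `buildFactory` delegate are assumptions for this example; the delegate stands in for whatever builds the endpoint and binding in the real project.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example: owns a ChannelFactory<T> together with the thumbprint of the
// client certificate it was built with, and rebuilds both when that changes.
public sealed class CertificateBoundChannel<T> : IDisposable where T : class
{
    private readonly Func<X509Certificate2, ChannelFactory<T>> _buildFactory;   // assumption: caller supplies endpoint/binding setup
    private readonly Func<X509Certificate2> _findCurrentCertificate;             // assumption: caller supplies the store lookup
    private ChannelFactory<T> _factory;
    private string _boundThumbprint;

    public CertificateBoundChannel(Func<X509Certificate2, ChannelFactory<T>> buildFactory,
                                   Func<X509Certificate2> findCurrentCertificate)
    {
        _buildFactory = buildFactory;
        _findCurrentCertificate = findCurrentCertificate;
    }

    // Returns a channel from a factory that is bound to the certificate currently in the store.
    public T GetChannel()
    {
        var cert = _findCurrentCertificate();
        if (cert == null || !cert.HasPrivateKey)
            throw new InvalidOperationException("No client certificate with a linked private key is available (card removed?).");

        bool rebuild = _factory == null
            || _factory.State == CommunicationState.Faulted
            || _factory.State == CommunicationState.Closed
            || !string.Equals(cert.Thumbprint, _boundThumbprint, StringComparison.OrdinalIgnoreCase);

        if (rebuild)
        {
            DiscardFactory();
            _factory = _buildFactory(cert);
            _factory.Credentials.ClientCertificate.Certificate = cert;
            _boundThumbprint = cert.Thumbprint;
        }
        return _factory.CreateChannel();
    }

    // Runs one service call. A TLS negotiation failure means the bound certificate
    // can no longer be used for a handshake, so the factory is thrown away.
    public TResult Invoke<TResult>(Func<T, TResult> call)
    {
        var channel = GetChannel();
        var comm = (ICommunicationObject)channel;
        try
        {
            var result = call(channel);
            comm.Close();
            return result;
        }
        catch (SecurityNegotiationException)
        {
            comm.Abort();
            DiscardFactory();
            throw;
        }
        catch
        {
            comm.Abort();
            throw;
        }
    }

    private void DiscardFactory()
    {
        if (_factory == null) return;
        try { _factory.Close(); } catch (Exception) { _factory.Abort(); }
        _factory = null;
        _boundThumbprint = null;
    }

    public void Dispose() => DiscardFactory();
}

// Assumed helper: finds the card certificate by thumbprint in CurrentUser\My, the
// store the third-party card software is described as populating.
public static class ClientCertificates
{
    public static X509Certificate2 FindByThumbprint(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: true);
            return found.Count > 0 ? found[0] : null;
        }
        finally
        {
            store.Close();
        }
    }
}
```

Usage would be `var bound = new CertificateBoundChannel<IMyService>(BuildFactoryFor, () => ClientCertificates.FindByThumbprint(expectedThumbprint));` followed by `bound.Invoke(svc => svc.SomeCall())`, where `IMyService` and `BuildFactoryFor` are placeholders for the project's own contract and factory construction. The `HasPrivateKey` check only confirms that a key container is linked to the certificate; whether the card is actually present and the PIN accepted is proven by the handshake itself, which is why the `SecurityNegotiationException` path discards the factory rather than retrying on it.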


[Answer 1]:

Have you checked the firewall settings? If so, then it is worth checking whether the correct ports are open for the communication.

[Comments]:

  • This reads more like a comment than an answer. Please consider deleting it and adding it as a comment, or adding more substantial content.
  • Since it works the first time, it should also work after the card has been removed and reinserted. It always uses the same port.