【问题标题】:Is this why a WCF SSL Secure Channel is faulting?这就是 WCF SSL 安全通道出错的原因吗?
【发布时间】:2017-11-09 20:45:38
【问题描述】:

我正在支持一个项目,我们最近需要对较新版本的 .Net Framework 进行一系列升级。这在很大程度上取得了成功,但最后一个组件已经存在了非常很长时间。

我们的客户使用 InfoPath 模板来填充信息以供其他用户使用。模板所需的一切都来自我们托管的 WCF Web 服务。我们使用以下代码设置 Web 服务调用。

    private WSHttpBinding CreateBinding()
    {
        var wsHttpBinding = new WSHttpBinding();
        wsHttpBinding.CloseTimeout = TimeSpan.FromMinutes(10);
        wsHttpBinding.OpenTimeout = TimeSpan.FromMinutes(10);
        wsHttpBinding.ReceiveTimeout = TimeSpan.FromMinutes(10);
        wsHttpBinding.SendTimeout = TimeSpan.FromMinutes(10);
        wsHttpBinding.BypassProxyOnLocal = false;
        wsHttpBinding.TransactionFlow = false;
        wsHttpBinding.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
        wsHttpBinding.MaxBufferPoolSize = 524288;
        wsHttpBinding.MaxReceivedMessageSize = 2147483647;
        wsHttpBinding.MessageEncoding = WSMessageEncoding.Text;
        wsHttpBinding.TextEncoding = Encoding.UTF8;
        wsHttpBinding.UseDefaultWebProxy = true;
        wsHttpBinding.AllowCookies = false;
        wsHttpBinding.ReaderQuotas.MaxDepth = 32;
        wsHttpBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
        wsHttpBinding.ReaderQuotas.MaxArrayLength = 16384;
        wsHttpBinding.ReaderQuotas.MaxBytesPerRead = 4096;
        wsHttpBinding.ReaderQuotas.MaxNameTableCharCount = 16384;
        wsHttpBinding.ReliableSession.Ordered = true;
        wsHttpBinding.ReliableSession.InactivityTimeout = TimeSpan.FromMinutes(10);
        wsHttpBinding.ReliableSession.Enabled = false;

        wsHttpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
        wsHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
        wsHttpBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
        wsHttpBinding.Security.Transport.Realm = string.Empty;
        wsHttpBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        wsHttpBinding.Security.Message.NegotiateServiceCredential = false;
        wsHttpBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256;

        return wsHttpBinding;

    }

    private EndpointAddress CreateEndPoint()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2 certificate = store.Certificates.Find(X509FindType.FindBySubjectName, "*.wildcard.address.foo", false)[0];
        store.Close();

        EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(certificate);

        string address = getWcfServiceUrl();

        AddressHeader header = AddressHeader.CreateAddressHeader(address);
        List<AddressHeader> headerList = new List<AddressHeader> { header };
        Uri uri = new Uri(address); 
        var endpointAddress = new EndpointAddress(uri, identity, headerList.ToArray());
        return endpointAddress;
    }
}

这很好用,如果我们正在对其进行测试,则可以为所有其他意图和目的成功调用。 除了一个

在一种情况下,我们需要从第 3 方资源中获取信息。在这种情况下,我们的 Web 服务会在一个 HTTPS 地址上单独调用此第 3 方(在此处传递给 url 参数:

    private string requestURL(string url)
    {
        string toReturn = null;
        Stream stream = null;
        try
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.Method = httpMethod;
            stream = ((HttpWebResponse)request.GetResponse()).GetResponseStream();
            StreamReader reader = new StreamReader(stream);
            toReturn = reader.ReadToEnd();
        }
        catch(Exception e)
        {
            throw new Exception("Error with that service please try again: " + e.Message, e);
        }
        finally
        {
            if(stream != null)
            {
                stream.Close();
            }
        }
        return toReturn;
    }

在这种情况下,返回以下错误:

请求被中止:无法创建 SSL/TLS 安全通道。

我怀疑我们正在围绕本地客户端(即 InfoPath)和 Web 服务之间的 SSL 连接设置一组非常具体的约束,但是从该 Web 服务到第 3 方的调用没有设置为除了简单地通过 HTTPS 调用之外的任何限制。

在尝试解决此问题时我应该注意什么?

【问题讨论】:

  • 其他有用信息:我们可以使用 Fiddler 直接通过 SSL 成功调用第 3 方。响应标头中没有明确指示第三方使用的协议。

标签: c# wcf ssl


【解决方案1】:

WCF 恕我直言,WCF 恕我直言,特别关注两端的配置,并专门在来回中要求诸如传输凭据之类的东西。我怀疑您无法控制第三方如何管理安全性并且无法更改它,但是您调用所有 Web 服务的通用方法将无法正常工作,因为配置不匹配。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2023-03-22
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2018-12-19
    • 2020-06-18
    相关资源
    最近更新 更多