【问题标题】:Getting "Could not create SSL/TLS secure channel"获取“无法创建 SSL/TLS 安全通道”
【发布时间】:2017-03-09 13:09:36
【问题描述】:

我有一些网站有时无法连接到第 3 方 SOAP WS。当对第 3 方 WS 有大量请求时,这种情况最常发生。所以它不会每次都失败,只有几次 - 主要是在对第 3 方 ws 有很多请求时。

它已在我们使用 IIS Crypto 的本地服务器上修复。之前选中了所有禁用的复选框。

但在 Azure WebApp 上,我们无法控制这些设置 - 知道该怎么做吗?

下面是绑定的代码,以及调用第 3 方 SOAP WS 的其他相关代码:

        /// <summary>
        /// Builds the WCF <see cref="CustomBinding"/> used to call the third-party SOAP service:
        /// an asymmetric (X.509) message-security element, a SOAP 1.1 / WS-Addressing 1.0 text
        /// encoder and an HTTPS transport that presents a client certificate.
        /// </summary>
        /// <returns>A new binding with 10-minute close/receive/send timeouts.</returns>
        /// <remarks>
        /// Security review notes (behaviour is intentionally left unchanged here):
        /// the method turns off TLS server-certificate validation for the whole process,
        /// accepts unsecured replies, uses the Basic128Rsa15 algorithm suite and lifts every
        /// reader/transport size quota to <c>int.MaxValue</c>. Each point is marked inline.
        /// </remarks>
        public static CustomBinding GetDefaultBinding()
    {
        // NOTE(review): ServicePointManager.ServerCertificateValidationCallback is a static,
        // process-wide hook. Returning true unconditionally makes every HTTPS request that goes
        // through ServicePointManager accept ANY server certificate (expired, self-signed, wrong
        // host), not just calls made with this binding. It does not address a
        // "Could not create SSL/TLS secure channel" failure, which happens during protocol/cipher
        // negotiation. Prefer removing it, or pinning the expected certificate thumbprint
        // (<EXPECTED_THUMBPRINT>) inside the callback.
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, certificate, chain, sslPolicyErrors) => true;

        // Message-level security. Properties are assigned in the same order as before.
        var security = new AsymmetricSecurityBindingElement
        {
            MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12,
            InitiatorTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never),
            RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never),
            ProtectTokens = true,
            MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
            RequireSignatureConfirmation = true,
            SecurityHeaderLayout = SecurityHeaderLayout.Lax,
            // NOTE(review): with this flag the client also accepts replies that carry no
            // message security at all; confirm the service really needs it.
            EnableUnsecuredResponse = true,
            IncludeTimestamp = true
        };

        // Kept at this exact position: the call is made after the initiator/recipient token
        // parameters exist and before the user-name supporting token is added.
        security.SetKeyDerivation(false);

        // NOTE(review): Basic128Rsa15 means AES-128 with RSA PKCS#1 v1.5 key wrap and SHA-1
        // digests. Move to a stronger suite if the service supports one.
        security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
        security.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
        security.AllowSerializedSigningTokenOnReply = true;

        // Text encoder with every XML reader quota raised to the maximum.
        // NOTE(review): unlimited quotas remove the parser's protection against oversized or
        // deeply nested responses; size them to the largest legitimate reply instead.
        var encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8);
        var quotas = encoding.ReaderQuotas;
        quotas.MaxStringContentLength = int.MaxValue;
        quotas.MaxDepth = int.MaxValue;
        quotas.MaxArrayLength = int.MaxValue;
        quotas.MaxBytesPerRead = int.MaxValue;
        quotas.MaxNameTableCharCount = int.MaxValue;

        // HTTPS transport: client certificate required, no keep-alive, no cookies.
        // NOTE(review): the same "no upper bound" concern applies to the buffer/message sizes.
        var transport = new HttpsTransportBindingElement
        {
            RequireClientCertificate = true,
            MaxBufferPoolSize = int.MaxValue,
            MaxBufferSize = int.MaxValue,
            MaxReceivedMessageSize = int.MaxValue,
            KeepAliveEnabled = false,
            AllowCookies = false
        };

        // Element order matters for a CustomBinding: security, then encoding, then transport.
        var binding = new CustomBinding();
        binding.Elements.Add(security);
        binding.Elements.Add(encoding);
        binding.Elements.Add(transport);

        var tenMinutes = TimeSpan.FromMinutes(10);
        binding.CloseTimeout = tenMinutes;
        binding.ReceiveTimeout = tenMinutes;
        binding.SendTimeout = tenMinutes;

        return binding;
    }

        /// <summary>
        /// Copies the user name/password, the client certificate and the service's default
        /// certificate from <c>Options</c> onto the supplied client credentials.
        /// Does nothing when <paramref name="cc"/> is null.
        /// </summary>
        /// <param name="cc">The credentials object of the WCF client to configure.</param>
        private void ConfigureClientCredentials(ClientCredentials cc)
    {
        if (cc != null)
        {
            // User-name token sent as a supporting token by the binding.
            var userName = cc.UserName;
            userName.UserName = Options.WebserviceUsername;
            userName.Password = Options.AuthPassword;

            // Certificate presented by this client.
            cc.ClientCertificate.Certificate = Options.ClientCertificate;

            // Certificate expected from the service for message security.
            var serviceCertificate = cc.ServiceCertificate;
            serviceCertificate.DefaultCertificate = Options.IbaCertificate;

            // NOTE(review): None switches off validation of the service certificate (no chain
            // or peer-trust check). Trust then rests entirely on the certificate
            // configured above; consider ChainTrust or PeerTrust once the service certificate
            // is known to validate.
            serviceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        }
    }

    /// <summary>
    /// Requires messages on the endpoint's contract to be encrypted and signed, and attaches a
    /// <c>CustomEndpointBehavior</c> (defined elsewhere in the project) to the endpoint.
    /// </summary>
    /// <param name="endpoint">The endpoint to configure; it is dereferenced without a null check.</param>
    private void ConfigureEndPoint(ServiceEndpoint endpoint)
    {
        // Message protection demanded for every operation of the contract.
        var contract = endpoint.Contract;
        contract.ProtectionLevel = ProtectionLevel.EncryptAndSign;

        // Project-specific behavior; what it does is not visible from this listing.
        var behaviors = endpoint.EndpointBehaviors;
        behaviors.Add(new CustomEndpointBehavior());
    }

【问题讨论】:

    标签: c# web-services azure soap tls1.2


    【解决方案1】:

    第 3 方 SOAP WS 的其中一台服务器(负载均衡器设置)上 SSL/加密套件(cipher)配置有误,这才是导致问题的原因——所以问题并不出在我的代码上。

    【讨论】:

    • 解决得真快,很棒。最后提个建议:我觉得您可以读一读 Robert Martin 的名著《Clean Code》,您的代码可能会从中受益。