2017-03-28 61 views
0

Could not establish secure channel for SSL/TLS

I have a WCF service that is set up to use server and client certificates like this:

    // Server side: host the service over HTTPS and require a client certificate on the binding
    ServiceHostFactory.CreateService<MyAppClientService>($"https://localhost:{serverSettings.SmartCardSSLPort}/MyApp5Service/Sll")
        .UseProtobuf()
        .AddServiceBehavior(new CustomServiceBehavior_ClientService())
        .AddAuthorizationPolicy(new CustomAuthorizationPolicy_ClientService())
        .UseSecureConnection(environmentSettings.SecureConnection)
        .UseThrottling()
        .Start(EndpointService.CreateNetHttpsBinding(true));
    await ServiceHandler.RegisterClientServiceToConsul(MyAppServices.ClientServer_Smartcard, serverSettings.SmartCardSSLPort);

    public ServiceHostBuilder<T> UseSecureConnection(SecureConnectionSettings settings)
    {
        if (settings != null && settings.Enabled)
        {
            Console.WriteLine("Setting certificates");
            // Look up the server certificate by thumbprint (validOnly: true) before binding it to the host
            X509Store store = new X509Store(settings.CertificateStore, settings.CertificateLocation);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, settings.Thumbprint, true);
            store.Close();

            if (certs.Count > 0)
            {
                _serviceHost.Credentials.ServiceCertificate.SetCertificate(settings.CertificateLocation,
                    settings.CertificateStore, X509FindType.FindByThumbprint, settings.Thumbprint);
            }
            else
                throw new Exception("Could not find certificate with thumbprint " + settings.Thumbprint);
        }
        return this;
    }

    public static NetHttpsBinding CreateNetHttpsBinding(bool requiredClientCertificate = false)
    {
        var binding = new NetHttpsBinding();
        SetBindingSettings(binding);
        binding.Security = new BasicHttpsSecurity();
        binding.Security.Mode = BasicHttpsSecurityMode.Transport;
        binding.Security.Transport = new HttpTransportSecurity();

        // Transport-level client authentication: the TLS handshake itself demands a client certificate
        if (requiredClientCertificate)
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        else
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        return binding;
    }

The client creates the channel like this:

    private async Task<ChannelFactory<T>> CreateChannelFactory(LoginTypeBase loginType, OrbitToken token)
    {
        // Resolve the service address and port from Consul
        var service = await _ConsulService.GetServiceBlocking(loginType.OrbitServicesToUse, forceRefresh: true, token: new CancellationTokenSource(TimeSpan.FromSeconds(30)).Token);

        if (service == null)
            throw new OrbitServiceCommunicationException();

        var cert = loginType.ClientCertificate;
        var uri = loginType.GetOrbitClientServiceURL(service.Address, service.Port);

        var header = AddressHeader.CreateAddressHeader(nameof(OrbitToken), nameof(OrbitToken), token);
        var endpointAddress = new EndpointAddress(uri, header);

        ServiceEndpoint serviceEndpoint = null;
        if (loginType.LoginType == LoginType.SmartCard || loginType.LoginType == LoginType.UsernamePasswordSLL)
        {
            // HTTPS binding; only the smart-card login presents a client certificate during the TLS handshake
            var binding = new NetHttpsBinding("netHttpsBinding");
            binding.Security.Mode = BasicHttpsSecurityMode.Transport;
            if (loginType.LoginType == LoginType.SmartCard)
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
            else
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }
        else
        {
            var binding = new NetHttpBinding("netHttpBinding");
            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }

        serviceEndpoint.EndpointBehaviors.Add(new ProtoEndpointBehavior());
        serviceEndpoint.EndpointBehaviors.Add(new CustomMessageInspectorBehavior());

        var v = new ChannelFactory<T>(serviceEndpoint);
        if (loginType.LoginType == LoginType.SmartCard)
        {
            // The certificate copied from the card is attached to the factory's client credentials
            v.Credentials.ClientCertificate.Certificate = cert;
            //v.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
        }
        return v;
    }

When a smart card is inserted into the reader, a third-party program copies the certificates from the card into the local store.

My application picks up this change and uses one of the certificates as the client certificate.

The code above works fine the first time. When the client makes its first call to the service, the third-party program asks the user for the password, and if it is valid the communication continues.

The problem is that if I remove the smart card and then put it back in, I get the SSL/TLS exception when the next call to the service is made. At this point I do not create a new channel; I use the same channel as before I removed the card.

Is there something in .NET that makes this happen, or is it my third-party software that is blocking me? Maybe I have to create a new channel after the certificate has been removed?

This is an example of the exception I get:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority '139.107.245.141:44310'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.ServiceModel.Channels.HttpChannelFactory
在 System.ServiceModel.Channels.HttpChannelFactory orgEnhetList,列表1 tooltipKeys, List 1 userItems):\ MYAPP \ Produkter \ MYAPP Utveckling \解\ MYAPP .Client.Main \類\服務 管理\服務代理\ AkutlistanAgent.cs:線88在 Myapp.Client.Main.GUI.Akutlista.ucAkutLista.buildGrid()在 C:\ MYAPP \ Produkter \ MYAPP Utveckling \ Solution \ Myapp.Client.Main \ GUI \ Akutlista \ ucAkutLista.cs:line 550 at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.SetArbetsstalle(List organisationsEnhetList,List`1 prioriteringsGruppList)在 C:\ MYAPP \ Produkter \ MYAPP Utveckling \解\ Myapp.Client.Main \ GUI \ Akutlista \ ucAkutLista.cs:線 1731在Myapp.Client.Main.GUI .Akutlista.ucAkutLista.LoadControl() 在C:\ MYAPP \ Produkter \ MYAPP Utveckling \解\ Myapp.Client.Main \ GUI \ Akutlista \ ucAkutLista.cs:線 395在 Myapp.Client.Main.GUI。 Planering.ucOversiktsTabControl.loadPage()在 C:\ MYAPP \ Produkter \ MYAPP Utveckling \解\ Myapp.Client.Main \ GUI \ Planering \ ucOversiktsTabControl.cs:線 703在 Myapp.Client.Main.GUI.Planering .ucOversiktsTabControl..ctor() C:\ Myapp \ Produkter \ Myapp Utveckling \ Solution \ Myapp.Client.Main \ GUI \ Planering \ ucOversiktsTabControl.cs:line 68 at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt。的InitializeComponent() C:\對myApp \產品\對myApp 發展\解\ Myapp.Client.Main \ GUI \規劃器\ frmPlaneringsOversikt.Designer.cs:線180在 Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt ..ctor() 到C:\對myApp \產品\對myApp 發展\解\ Myapp.Client.Main \ GUI \規劃器\ frmPlaneringsOversikt.cs:線147在 Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt .OpenForm() 到C:\對myApp \產品\對myApp 發展\解\ Myapp.Client.Main \ GUI \規劃器\ frmPlaneringsOversikt.cs:在Myapp.Client.Main.GUI.frmMainMyapp.OpenPlaningOverview 線112() 到C:\對myApp \產品\對myApp發展\解決方案\ Myapp.Client.Main \ GUI \ frmMainMyapp.cs:行2265
在Myapp.Client.Main.GUI.frmMainMyapp.navBarItemPlanering_LinkClicked(對象 發件人,NavBarLinkEventArgs E)C:\對myApp \產品\對myApp 發展\解\ Myapp.Client.Main \ GUI \ frmMainMyapp.cs:線619
在DevExpress.XtraNavBar.NavBarItem.RaiseLinkEvent(對象鏈接事件, NavBarItemLink鏈路)在 DevExpress.XtraNavBar.NavBarItem.RaiseLinkClicked(NavBarItemLink鏈路)在 DevExpress.XtraNavBar.NavBarItem.RaiseLinkClickedCore(NavBarItemLink 鏈路)在 DevExpress.XtraNavBar.NavBarControl.RaiseLinkClicked(NavBarItemL墨 鏈接)在 DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.DoLinkClick(NavBarHitInfo hitInfo)在 DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.DoClick(NavBarHitInfo hitInfo)在 DevExpress.XtraNavBar.ViewInfo.NavigationPaneViewInfo.DoClick(NavBarHitInfo hitInfo)在 DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.OnMouseUp(在在System.Windows.Forms.Control.WmMouseUp DevExpress.XtraNavBar.NavBarControl.OnMouseUp(MouseEventArgs EV)MouseEventArgs E)(消息&米, 鼠標按鈕按鈕, INT32點擊)在 System.Windows.Forms.Control.WndProc(消息&米)在 DevExpress.XtraNavBar.NavBarControl.WndProc(消息& m)上 System.Windows.Forms.Control.ControlNativeWindow.OnMessage(消息&米) 在System.Windows.Forms.Control.ControlNativeWindow.WndProc(消息& 米)在System.Windows.Forms.NativeWindow.Callback(IntPtr的的HWND,的Int32 味精,IntPtr的的wParam,lParam中的IntPtr)

Edit: I got a tip that it might be MS WinInet that is causing the problem. To get past it, would I need to restart the application or somehow reset MS WinInet?
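The question ends on whether a new channel must be created after the card is removed. As an added example, not code from the original post, the hypothetical CertificateBoundClient<T> below keys its ChannelFactory<T> to the current certificate's thumbprint, rebuilds it when the thumbprint changes or the factory faults, and discards it when a call fails with SecurityNegotiationException; the two delegates it takes are assumed to wrap the CreateChannelFactory method shown above and the certificate-store lookup the application already performs.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical wrapper (not from the original post): one ChannelFactory<T> per client certificate, rebuilt
// when the card's certificate changes, the factory faults, or a call fails with SecurityNegotiationException.
public sealed class CertificateBoundClient<T> where T : class
{
    private readonly Func<X509Certificate2> _currentCertificate;               // reads the card's cert from the store
    private readonly Func<X509Certificate2, ChannelFactory<T>> _factoryBuilder; // e.g. wraps CreateChannelFactory
    private ChannelFactory<T> _factory;
    private string _boundThumbprint;
    public CertificateBoundClient(Func<X509Certificate2> currentCertificate,
                                  Func<X509Certificate2, ChannelFactory<T>> factoryBuilder)
    { _currentCertificate = currentCertificate; _factoryBuilder = factoryBuilder; }

    private ChannelFactory<T> GetFactory()
    {
        var cert = _currentCertificate();
        // HasPrivateKey only shows a key is associated; signing with it still needs the card, so Call handles that failure.
        if (cert == null || !cert.HasPrivateKey)
            throw new InvalidOperationException("No client certificate with a usable private key; is the card inserted?");
        // A re-inserted card is a new credential: never reuse a factory bound to the old one.
        if (_factory == null || _factory.State == CommunicationState.Faulted || cert.Thumbprint != _boundThumbprint)
        {
            Reset();
            _factory = _factoryBuilder(cert);
            _boundThumbprint = cert.Thumbprint;
        }
        return _factory;
    }
    public TResult Call<TResult>(Func<T, TResult> operation)
    {
        var channel = GetFactory().CreateChannel();
        var comm = (ICommunicationObject)channel;
        try { var result = operation(channel); CloseOrAbort(comm); return result; }
        catch (SecurityNegotiationException) { comm.Abort(); Reset(); throw; } // next call gets a fresh factory and TLS session
        catch { comm.Abort(); throw; }
    }
    // Dropping the factory forces a new TLS handshake with whatever certificate the card now exposes.
    public void Reset() { if (_factory != null) { CloseOrAbort(_factory); _factory = null; _boundThumbprint = null; } }

    private static void CloseOrAbort(ICommunicationObject obj)
    {
        try { if (obj.State == CommunicationState.Faulted) obj.Abort(); else obj.Close(); }
        catch (CommunicationException) { obj.Abort(); }
        catch (TimeoutException) { obj.Abort(); }
    }
}
```

Whether the rebuilt factory actually completes a new handshake still depends on the third-party card software re-prompting for the PIN, which this wrapper cannot influence.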

+0

Maybe this is because of MS WinInet? – Banshee

Answer

0

Have you checked your firewall settings? If so, it is worth checking that the right ports are open for communication.

+1

This is more a comment than an answer. Please consider deleting it and adding it as a comment, or adding more valuable content to it. – Rabban

+0

Because it works the first time, it should also work after the card has been removed and then put back in. It is using the same port all the time. – Banshee
