asp.net core 2.0 中的 WCF - 无法为具有权限的 SSL/TLS 安全通道建立信任关系
Posted
技术标签:
【中文标题】asp.net core 2.0 中的 WCF - 无法为具有权限的 SSL/TLS 安全通道建立信任关系【英文标题】:WCF in asp.net core 2.0 - Could not establish trust relationship for the SSL/TLS secure channel with authority 【发布时间】:2019-03-25 07:09:33 【问题描述】:以前我有一个应用程序定位框架 4.5.1,并使用 Web Reference 添加 WCF 服务。这完美地工作并且能够成功地通过服务器进行身份验证。
旧代码:
ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
IService orderService = new Service();
// private method to load certificate
var cert = LoadCertificate(@"....\00050._.1.p12", "pwd");
oIPGApiOrderService.ClientCertificates.Add(cert);
oIPGApiOrderService.Url = @"service_url";
NetworkCredential nc = new NetworkCredential("username", "pwd");
oIPGApiOrderService.Credentials = nc;
现在我正在升级到 .net core 2.0,并以 .net standard 2.0 为目标。我已添加该服务正在使用服务引用(连接服务)。生成的代码已更改,使用通道工厂等...
新代码:
ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
System.ServiceModel.BasicHttpBinding result = new System.ServiceModel.BasicHttpBinding();
result.MaxBufferSize = int.MaxValue;
result.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
result.MaxReceivedMessageSize = int.MaxValue;
result.AllowCookies = true;
result.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
IService client = new Service(result, new EndpointAddress("service_url"));
client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"....\00050._.1.p12", "pwd");
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "pwd";
但新代码无法正常工作,尽管证书已成功加载。我遇到了一个例外:
System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'xxxxxxx-online.com'. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred
你们的任何帮助将不胜感激。我错过了什么吗?
【问题讨论】:
【参考方案1】:如果你使用不信任的服务器证书(例如自签名),你应该使用这个:
client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
new X509ServiceCertificateAuthentication()
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
;
【讨论】:
谢谢,这解决了我的 Net Core 3.1 应用程序的问题。【参考方案2】:试试下面的
BasicHttpBinding httpBindingbinding = new BasicHttpBindingMaxReceivedMessageSixe=999999;
httpBindingbinding.Security.Mode = BasicHttpSecurityMode.Transport;
httpBindingbinding.Security.Transport = new HttpTransportSecurityClientCredentialType=HttpClientCredentialType.Certificate;
以上Http设置相当于连接WCF时.netframework中webconfig中生成的“System.serviceModel”xml
` <bindings>
<basicHttpBinding>
<binding name="myBindingConfiguration1" maxReceivedMessageSize="999999">
<security mode="Transport">
<transport clientCredentialType ="Certificate"/>
</security>
</basicHttpBinding>
</binding>`
【讨论】:
以上是关于asp.net core 2.0 中的 WCF - 无法为具有权限的 SSL/TLS 安全通道建立信任关系的主要内容,如果未能解决你的问题,请参考以下文章
System.ServiceModel 错误在 ASP.NET Core API 中使用嵌入在 Windows 服务中的 WCF 时不支持操作