asp.net core 2.0 中的 WCF - 无法为具有权限的 SSL/TLS 安全通道建立信任关系

Posted

技术标签:

【中文标题】asp.net core 2.0 中的 WCF - 无法为具有权限的 SSL/TLS 安全通道建立信任关系【英文标题】:WCF in asp.net core 2.0 - Could not establish trust relationship for the SSL/TLS secure channel with authority 【发布时间】:2019-03-25 07:09:33 【问题描述】:

以前我有一个应用程序定位框架 4.5.1,并使用 Web Reference 添加 WCF 服务。这完美地工作并且能够成功地通过服务器进行身份验证。

旧代码:

ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

IService orderService = new Service();

// private method to load certificate
var cert = LoadCertificate(@"....\00050._.1.p12", "pwd");

oIPGApiOrderService.ClientCertificates.Add(cert);

oIPGApiOrderService.Url = @"service_url";

NetworkCredential nc = new NetworkCredential("username", "pwd");
oIPGApiOrderService.Credentials = nc;

现在我正在升级到 .net core 2.0,并以 .net standard 2.0 为目标。我已添加该服务正在使用服务引用(连接服务)。生成的代码已更改,使用通道工厂等...

新代码:

ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

System.ServiceModel.BasicHttpBinding result = new System.ServiceModel.BasicHttpBinding();
result.MaxBufferSize = int.MaxValue;
result.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
result.MaxReceivedMessageSize = int.MaxValue;
result.AllowCookies = true;
result.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;

IService client = new Service(result, new EndpointAddress("service_url"));

client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"....\00050._.1.p12", "pwd");

client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "pwd";

但新代码无法正常工作,尽管证书已成功加载。我遇到了一个例外:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'xxxxxxx-online.com'. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred

你们的任何帮助将不胜感激。我错过了什么吗?

【问题讨论】:

【参考方案1】:

如果你使用不信任的服务器证书(例如自签名),你应该使用这个:

client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
        new X509ServiceCertificateAuthentication()
        
            CertificateValidationMode = X509CertificateValidationMode.None,
            RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
        ;

【讨论】:

谢谢,这解决了我的 Net Core 3.1 应用程序的问题。【参考方案2】:

试试下面的

BasicHttpBinding httpBindingbinding = new  BasicHttpBindingMaxReceivedMessageSixe=999999;
httpBindingbinding.Security.Mode = BasicHttpSecurityMode.Transport;
httpBindingbinding.Security.Transport = new HttpTransportSecurityClientCredentialType=HttpClientCredentialType.Certificate;

以上Http设置相当于连接WCF时.netframework中webconfig中生成的“System.serviceModel”xml

`  <bindings>  
<basicHttpBinding>  
 <binding name="myBindingConfiguration1" maxReceivedMessageSize="999999">
 <security mode="Transport">
<transport clientCredentialType ="Certificate"/>
 </security>
</basicHttpBinding> 
 </binding>`

【讨论】:

以上是关于asp.net core 2.0 中的 WCF - 无法为具有权限的 SSL/TLS 安全通道建立信任关系的主要内容,如果未能解决你的问题,请参考以下文章

ASP.NET Core 2.0中的HttpContext

ASP.NET Core 2.0 中的多个身份

ASP.NET CORE 2.0 中的 FromUri

System.ServiceModel 错误在 ASP.NET Core API 中使用嵌入在 Windows 服务中的 WCF 时不支持操作

ApplicationUser在Asp.Net Core 2.0中的ActionFilter中?

ASP.NET Core 2.0 中的应用程序变量