c# - HTTPs 客户端在 Azure Web App 上连接到没有可信链(非可信 CA)的服务器

标签 c# ssl client ssl-certificate azure-web-app-service

在尝试连接到具有未经受信任 CA 签名的证书的服务器时,我被困了大约 3 天 - 您可以通过 Azure 门户添加 CA 的证书 - 但没有任何影响。

显然所有 HTTP 都使用内核模块 (!)HTTP.SYS。

我见过的所有建议都可以覆盖此功能:

ServicePointManager.ServerCertificateValidationCallback = Communicator.CustomServiceCertificateValidation;

(或者请求本身的不太全局的对应项)

或者类似的东西:

 client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
                 new X509ServiceCertificateAuthentication()
                 {
                     CertificateValidationMode = X509CertificateValidationMode.Custom,
                     RevocationMode = X509RevocationMode.NoCheck,

                     //TrustedStoreLocation = StoreLocation.CurrentUser,
                     CustomCertificateValidator = new PermissiveCertificateValidator()

                 };

然而,两者都没有被调用!!

一些更重要的细节:

这有效:

  try
        {
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
            using (var wc = new WebClient())
            {
                var res = wc.DownloadString("https://untrusted-root.badssl.com/");
                return Content(res);
            }
        }
        catch (Exception ex)
        {
            return Content(ex.ToString());
        }

但是,我需要使用客户端证书对自己进行身份验证 - 因此,请按照此处的说明进行操作: How can you add a Certificate to WebClient (C#)?

我最终得到以下代码:

class ATWebClient : WebClient
{
    protected override WebRequest GetWebRequest(Uri address)
    {
        HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
        request.Headers.Add("SOAPAction", "https://servicos.portaldasfinancas.gov.pt/sgdtws/documentosTransporte/");
        X509Certificate2 cert = new X509Certificate2();
        //From user installed Certificates
        //cert.Import(_pathCertificate, _passwordCertificate, X509KeyStorageFlags.DefaultKeySet);
        //From FileSystem "Resources\Certificates"
        cert.Import(Common.Properties.Resources.testewebservices_novo, "TESTEwebservice", X509KeyStorageFlags.Exportable);

        // Output Certificate 
        //Utils.Log(string.Format("Cert Subject: [{0}], NotBefore: [{1}], NotAfter: [{2}]", cert.Subject, cert.NotBefore, cert.NotAfter));

        request.ClientCertificates.Add(cert);
        request.Method = "POST";
        request.ContentType = "text/xml; charset=utf-8";
        request.Accept = "text/xml";


        return request;
    }

现在我调用该服务:

   try
    {

        ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
        ServicePointManager.CheckCertificateRevocationList = false;
        ServicePointManager.UseNagleAlgorithm = false;
        using (var wc = new ATWebClient())
        {
            //var res = wc.DownloadString("https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte");
            var res = wc.UploadString("https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte", "Test of content");
            return Content(res);
        }


    }
    catch (Exception ex)
    {
        return Json(ex);
    }

注意,是的,这是一个 SOAP 端点 - 我尝试发送有效的 SOAP 内容,但两种情况下的结果相同,我收到以下异常:

底层连接已关闭:发送时发生意外错误。

堆栈跟踪:

   at System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)
   at System.Net.WebClient.UploadString(Uri address, String method, String data)
   at System.Net.WebClient.UploadString(String address, String data)
   at MagniWebApp.Controllers.HomeController.NonTrustedCATestEndpoint() in C:\Users\joao.antunes.Office2\source\repos\07. Platform\WebApp\MagniWebApp\Controllers\HomeController.cs:line 1154

内部异常的消息:

身份验证失败,因为远程方已关闭传输流。

有什么想法吗? 停下!

最佳答案

像这样在自定义回调中硬编码返回 true 怎么样?

 public string Ssl()
    {
        try
        {
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
            using (var wc = new WebClient())
            {
                var res = wc.DownloadString("https://untrusted-root.badssl.com/");
                Console.WriteLine(res);
                return res;
            }
        }
        catch (Exception ex)
        {
            return ex.ToString();
        }
    }

关于c# - HTTPs 客户端在 Azure Web App 上连接到没有可信链(非可信 CA)的服务器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49909510/

上一篇:c# - EF Core 加载实体未映射到查询

下一篇:c# - 减少继承的构造函数的参数列表的类型开销

相关文章:

c# - 使用 "inline"new 语句创建的对象是否自动处理?

ssl - SEC_ERROR_REVOKED_CERTIFICATE 错误仅在 PC Firefox 上

c - 读写系统调用返回乱码 (C)

iphone - 通过 AppStore 分发 iPhone 应用程序的客户端

javascript - 使用 sc-server 代理 HTTPS 请求

c++ - 如何使用 C++ 使用 recv() 函数接收大数据?

c# - 可靠的任务计划

c# - SpeechSynthesizer 的 SpeakProgressEventArgs 是否不准确?

c# - 类似于 Extension Methods Functionality - 我们可以扩展属性吗

c# - 请求被中止 : Could not create SSL/TLS secure channel. |系统.Net.WebException

©2024 IT工具网  联系我们