这里有很多人在问同样的问题。但很少有答案或成功的报告。服务器是第三方,所以我不知道他们的配置,但他们确实报告了他们在日志中发现的内容如下:
他们在日志中看到的唯一内容就是这个错误。 “基于 IP,它来自他们的 DEV 环境,但没有有效负载,要将其放入调试,URL 格式不正确。”
节点: 时间:20150105 10:21:45.798 严重性:警告 请求编号:00000149c32c8869-3801 消息:消息处理成功
事件类型:消息摘要 客户端IP:56.6.66.6 服务:包罗万象的调试服务[/*] 操作:空 请求长度:0 响应长度:0 回复状态:0 响应时间:0ms 用户身份 : 用户名:空
这是完整的故事,
我在调用 https 服务器上的 WebService 时从未遇到过问题。但是他们有ip安全以及证书安全(没有用户名和密码安全)
奇怪的是,当我通常使用 visual studio 时,它们会发送物理 .wsdl 文件,指向它们,一切就绪。不是这种情况。我必须在本地添加文件,并在本地指向它们 c:\project\Server References\file.wsdl 并且一切正常。
我在谷歌上搜索了大约 10 个示例(都有些变体)来了解如何完成此操作。当然,这可以通过配置更少(所有代码)或配置中定义的所有内容来完成。也可以在控制台应用程序或 Web 应用程序中完成。出于理智的目的,我更喜欢控制台,但我把两者都装进去了。
附言我们持有SSL证书和客户端的权限,并向他们发送没有私钥的SSL证书。
P.S.S 我用过 Wireshark 和 Fiddler。 Wireshark 显示 8443 端口上的 TCP 连接和纯文本的 url,但数据部分似乎太小而无法保存证书(但这只是 open 调用正常吗?)
http://tinypic.com/r/34ihld4/8 (wireshark 屏幕截图)
http://tinypic.com/r/14jrbx3/8 ( watch 中的 wsclient)
Fiddler显示“握手成功”
这是我正在使用的“无配置代码”
ws.AccountInfo ai = new ws.AccountInfo();
ws.BasicAccountInfo[] info = new ws.BasicAccountInfo[10];
ws.ProductAndService PaS = new ws.ProductAndService();
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3 //have tried them all | System.Net.SecurityProtocolType.Tls | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls12;
WSHttpBinding myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.Transport;
myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
myBinding.ReaderQuotas.MaxArrayLength = int.MaxValue;
myBinding.MaxReceivedMessageSize = int.MaxValue;
myBinding.UseDefaultWebProxy = false;
EndpointAddress ea = new EndpointAddress("https://www.some-company.com:8443/DSMProgramsV4/PgnDSMProgramsService"); //odly no .svc ending
ws.PgnDSMProgramsServiceClient wsclient = new ws.PgnDSMProgramsServiceClient(myBinding,ea);
// Specify a certificate to use for authenticating the client.
wsclient.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,StoreName.My, X509FindType.FindByIssuerName, "Network Solutions DV Server CA");//the cert i want is found under this name for example www.somesite.com is found and shows up in watch in wsclient below
string s = "";
try
{
wsclient.Open();//success always
info = wsclient.GetAccountList("9999", "TEST", "99999999");
wsclient.Close();
}
catch(Exception ex)
{
s = ex.Message;// hang and error happens on GetAccount List
}
Console.Write(s);
Console.Write(info[0].ToString());//if we were ever successful, never are though
我得到的错误是向 https://www.some-company.com:8443/DSMProgramsV4/PgnDSMProgramsService 发出 HTTP 请求时发生错误.这可能是由于在 HTTPS 情况下服务器证书未正确配置为 HTTP.SYS。这也可能是由于客户端和服务器之间的安全绑定(bind)不匹配引起的。底层连接已关闭:发送时发生意外错误。身份验证失败,因为远程方已关闭传输流
我永远无法理解这条消息
我也尝试过使用 ChannelFactory
ws.AccountInfo ai = new ws.AccountInfo();
ws.BasicAccountInfo[] info = new ws.BasicAccountInfo[10];
ws.ProductAndService PaS = new ws.ProductAndService();
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3;
string address = "https://www.some-company.com:8443/DSMProgramsV4/PgnDSMProgramsService";
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
ChannelFactory<ws.PgnDSMProgramsService> factory = new ChannelFactory<ws.PgnDSMProgramsService>(binding, address);
factory.Credentials.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindByIssuerName, "Network Solutions DV Server CA");
ws.PgnDSMProgramsService client = factory.CreateChannel();
var infoz = client.GetAccountList("9999", "TEST", "999999");
也没有运气,同样的错误信息。
我已经尝试了各种 web.config 和 app.config,就像下面一样简单:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="CustomerEndpointBehavior" >
<clientCredentials supportInteractive="True">
<clientCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="www.our-cert.org" />
<!-- <serviceCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck" />
<sslCertificateAuthentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine"/>
</serviceCertificate>-->
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="CustomerBindingConfig">
<!-- closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Mtom" textEncoding="utf-8" useDefaultWebProxy="false" allowCookies="false" > -->
<!-- <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> -->
<security mode="Transport" >
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://www.some-company.com:8443/DSMProgramsV4/PgnDSMProgramsService"
binding="basicHttpBinding" bindingConfiguration="CustomerBindingConfig" behaviorConfiguration="CustomerEndpointBehavior"
contract="ws.PgnDSMProgramsService" name="serviceEndpoint" />
</client>
变得更复杂
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="CustomerEndpointBehavior">
<clientCredentials>
<clientCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="www.our-cert.org" />
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="CustomerBindingConfig" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://www.some-company.com:8443/DSMProgramsV4/PgnDSMProgramsService" binding="wsHttpBinding" bindingConfiguration="CustomerBindingConfig" behaviorConfiguration="CustomerEndpointBehavior" contract="ws.PgnDSMProgramsService" name="serviceEndpoint" />
</client>
不像我一直在做尽职调查,见下文
http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi
http://msdn.microsoft.com/en-us/library/ms789011.aspx
http://www.codeproject.com/Articles/18601/An-easy-way-to-use-certificates-for-WCF-security
http://blogs.ugidotnet.org/cfolini/archive/2008/01/04/90561.aspx
http://www.codeproject.com/Articles/348595/Use-Mutual-SSL-Authentication-in-WCF
最佳答案
如果您还没有,您应该启用 WCF 跟踪,这可能有助于确定 WCF 安全问题的根本原因。我们发现 WCF Trace 日志会揭示以前“隐藏”的问题。
http://msdn.microsoft.com/en-us/library/ms733025(v=vs.110).aspx
关于c# - WCF 客户端 4.5 C# 使用 CA 证书颁发机构 ssl 证书。需要帮助,已放弃,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27907186/