我已经创建了 web api 并尝试使用 c# 发出 GET 请求,如下所示
namespace APIMCheck
{
class Program
{
static void Main(string[] args)
{
string thumbprint = "***";
string url @"https://******-us-stats-webapi.azurewebsites.net/statistics/v1/masterData/carTypes";
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certificates = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);
X509Certificate2 certificate = certificates[0];
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.ClientCertificates.Add(certificate);
req.Method = WebRequestMethods.Http.Get;
Console.WriteLine(Program.CallAPI(req).ToString());
Console.Read();
}
public static string CallAPI(HttpWebRequest req)
{
var httpResponse = (HttpWebResponse)req.GetResponse();
using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
return streamReader.ReadToEnd();
}
}
public static bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true;
}
}
}
我收到数据响应。一切顺利。
现在,我已经创建了 Azure APIM,它将充当上述 web API
这是在 Azure API 管理门户中配置的策略
<policies>
<inbound>
<base />
<choose>
<when condition="@(context.Request.Certificate.Verify() != true || context.Request.Certificate == null || context.Request.Certificate.Issuer != "CN=MySubCA, DC=MYEXT, DC=NET" || context.Request.Certificate.NotAfter < DateTime.Now)">
<return-response>
<set-status code="403" reason="Invalid client certificate" />
<set-body template="none">@(context.Request.Certificate.Issuer.ToString())</set-body>
</return-response>
</when>
</choose>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
现在,将 url 更改为指向 apim
string url = @"https://******-us-stats-apim.azure-api.net/statistics/v1/masterData/carTypes";
我得到以下错误
The request was aborted: Could not create SSL/TLS secure channel for HttpWebRequest
SSL/TLS 如何影响 Web API 和 APIM?
和防火墙有什么关系吗?
最佳答案
默认情况下,为 Azure API 管理网关启用 TLS 1.2。
您可以转到您的 azure api 管理(在门户上)> Protocol settings > 打开 tls 1.2和 ssl 3.0 .
关于c# - Azure APIM URL 抛出 System.Net.WebException - SSL/TLS 如何在 azure web api 和 azure APIM 中产生差异?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57706117/