HTTPs Client to connect to server without trusted chain (non trusted CA) on Azure Web App(HTTPS 客户端在 Azure Web App 上连接到没有受信任链(非受信任 CA)的服务器)
问题描述
我在尝试连接到具有尚未由受信任的 CA 签名的证书的服务器时被卡住了大约 3 天 - 您可以通过 Azure 门户添加 CA 的证书 - 但没有任何影响.
I have been stuck for around 3 days trying to connect to a server that has a certificate which hasn't been signed by a trusted CA - you can add the CA's certificate through Azure Portal - but to no affect.
显然所有 HTTP 都使用内核模块 (!) HTTP.SYS.
apparently everything HTTP uses a kernel module (!) HTTP.SYS.
我看到的所有建议都可以使用:
All of the suggestions I have seen to override this either use:
ServicePointManager.ServerCertificateValidationCallback = Communicator.CustomServiceCertificateValidation;
(或请求本身的较少全球性的对应物)
(or its less global counterpart on the request itself)
或类似的东西:
client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
new X509ServiceCertificateAuthentication()
{
CertificateValidationMode = X509CertificateValidationMode.Custom,
RevocationMode = X509RevocationMode.NoCheck,
//TrustedStoreLocation = StoreLocation.CurrentUser,
CustomCertificateValidator = new PermissiveCertificateValidator()
};
然而,两者都没有被调用!!
yet, neither gets invoked!!
一些更重要的细节:
这行得通:
try
{
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
using (var wc = new WebClient())
{
var res = wc.DownloadString("https://untrusted-root.badssl.com/");
return Content(res);
}
}
catch (Exception ex)
{
return Content(ex.ToString());
}
但是,我需要使用客户端证书对自己进行身份验证 - 因此,请按照此处的说明进行操作:怎么可能向 WebClient (C#) 添加证书?
Yet, I need to authenticate myself with a client certificate - so, following the instructions found here: How can you add a Certificate to WebClient (C#)?
我最终得到以下代码:
class ATWebClient : WebClient
{
protected override WebRequest GetWebRequest(Uri address)
{
HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
request.Headers.Add("SOAPAction", "https://servicos.portaldasfinancas.gov.pt/sgdtws/documentosTransporte/");
X509Certificate2 cert = new X509Certificate2();
//From user installed Certificates
//cert.Import(_pathCertificate, _passwordCertificate, X509KeyStorageFlags.DefaultKeySet);
//From FileSystem "ResourcesCertificates"
cert.Import(Common.Properties.Resources.testewebservices_novo, "TESTEwebservice", X509KeyStorageFlags.Exportable);
// Output Certificate
//Utils.Log(string.Format("Cert Subject: [{0}], NotBefore: [{1}], NotAfter: [{2}]", cert.Subject, cert.NotBefore, cert.NotAfter));
request.ClientCertificates.Add(cert);
request.Method = "POST";
request.ContentType = "text/xml; charset=utf-8";
request.Accept = "text/xml";
return request;
}
现在我调用服务:
try
{
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
ServicePointManager.CheckCertificateRevocationList = false;
ServicePointManager.UseNagleAlgorithm = false;
using (var wc = new ATWebClient())
{
//var res = wc.DownloadString("https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte");
var res = wc.UploadString("https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte", "Test of content");
return Content(res);
}
}
catch (Exception ex)
{
return Json(ex);
}
注意,是的,这是一个 SOAP 端点 - 我尝试发送有效的 SOAP 内容,但两种情况下的结果相同,我得到以下异常:
Note, yes, this is a SOAP endpoint - I tried sending valid SOAP content, yet the result is in both cases the same, I get the following exception:
底层连接已关闭:发送时发生意外错误.
堆栈跟踪:
at System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)
at System.Net.WebClient.UploadString(Uri address, String method, String data)
at System.Net.WebClient.UploadString(String address, String data)
at MagniWebApp.Controllers.HomeController.NonTrustedCATestEndpoint() in C:Usersjoao.antunes.Office2source
epos 7. PlatformWebAppMagniWebAppControllersHomeController.cs:line 1154
内部异常的消息:
<代码>身份验证失败,因为远程方已关闭传输流.
有什么想法吗?!哈!
推荐答案
像这样在自定义回调中返回 true 的硬代码怎么样?
What about hardcode returning true in your custom callback like this?
public string Ssl()
{
try
{
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
using (var wc = new WebClient())
{
var res = wc.DownloadString("https://untrusted-root.badssl.com/");
Console.WriteLine(res);
return res;
}
}
catch (Exception ex)
{
return ex.ToString();
}
}
这篇关于HTTPS 客户端在 Azure Web App 上连接到没有受信任链(非受信任 CA)的服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:HTTPS 客户端在 Azure Web App 上连接到没有受信任链(非受信任 CA)的服务器
基础教程推荐
- 将 Office 安装到 Windows 容器 (servercore:ltsc2019) 失败,错误代码为 17002 2022-01-01
- SSE 浮点算术是否可重现? 2022-01-01
- MS Visual Studio .NET 的替代品 2022-01-01
- 将 XML 转换为通用列表 2022-01-01
- rabbitmq 的 REST API 2022-01-01
- 为什么Flurl.Http DownloadFileAsync/Http客户端GetAsync需要 2022-09-30
- 如何在 IDE 中获取 Xamarin Studio C# 输出? 2022-01-01
- 有没有办法忽略 2GB 文件上传的 maxRequestLength 限制? 2022-01-01
- c# Math.Sqrt 实现 2022-01-01
- 如何激活MC67中的红灯 2022-01-01