HTTPS 客户端在 Azure Web App 上连接到没有受信任链(非受信任 CA)的服务器-C#/.NET问题

HTTPs Client to connect to server without trusted chain (non trusted CA) on Azure Web App(HTTPS 客户端在 Azure Web App 上连接到没有受信任链(非受信任 CA)的服务器)

本文介绍了HTTPS 客户端在 Azure Web App 上连接到没有受信任链(非受信任 CA)的服务器的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在尝试连接到具有尚未由受信任的 CA 签名的证书的服务器时被卡住了大约 3 天 - 您可以通过 Azure 门户添加 CA 的证书 - 但没有任何影响.

I have been stuck for around 3 days trying to connect to a server that has a certificate which hasn't been signed by a trusted CA - you can add the CA's certificate through Azure Portal - but to no affect.

显然所有 HTTP 都使用内核模块 (!) HTTP.SYS.

apparently everything HTTP uses a kernel module (!) HTTP.SYS.

我看到的所有建议都可以使用:

All of the suggestions I have seen to override this either use:

ServicePointManager.ServerCertificateValidationCallback = Communicator.CustomServiceCertificateValidation;


(或请求本身的较少全球性的对应物)
(or its less global counterpart on the request itself)
或类似的东西:
 client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
                 new X509ServiceCertificateAuthentication()
                 {
                     CertificateValidationMode = X509CertificateValidationMode.Custom,
                     RevocationMode = X509RevocationMode.NoCheck,

                     //TrustedStoreLocation = StoreLocation.CurrentUser,
                     CustomCertificateValidator = new PermissiveCertificateValidator()

                 };

然而，两者都没有被调用！！
yet, neither gets invoked!!
一些更重要的细节:
这行得通:
  try
        {
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
            using (var wc = new WebClient())
            {
                var res = wc.DownloadString("https://untrusted-root.badssl.com/");
                return Content(res);
            }
        }
        catch (Exception ex)
        {
            return Content(ex.ToString());
        }

但是，我需要使用客户端证书对自己进行身份验证 - 因此，请按照此处的说明进行操作:怎么可能向 WebClient (C#) 添加证书?
Yet, I need to authenticate myself with a client certificate - so, following the instructions found here:
How can you add a Certificate to WebClient (C#)?
我最终得到以下代码:
class ATWebClient : WebClient
{
    protected override WebRequest GetWebRequest(Uri address)
    {
        HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
        request.Headers.Add("SOAPAction", "https://servicos.portaldasfinancas.gov.pt/sgdtws/documentosTransporte/");
        X509Certificate2 cert = new X509Certificate2();
        //From user installed Certificates
        //cert.Import(_pathCertificate, _passwordCertificate, X509KeyStorageFlags.DefaultKeySet);
        //From FileSystem "ResourcesCertificates"
        cert.Import(Common.Properties.Resources.testewebservices_novo, "TESTEwebservice", X509KeyStorageFlags.Exportable);

        // Output Certificate 
        //Utils.Log(string.Format("Cert Subject: [{0}], NotBefore: [{1}], NotAfter: [{2}]", cert.Subject, cert.NotBefore, cert.NotAfter));

        request.ClientCertificates.Add(cert);
        request.Method = "POST";
        request.ContentType = "text/xml; charset=utf-8";
        request.Accept = "text/xml";


        return request;
    }

现在我调用服务:
   try
    {

        ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
        ServicePointManager.CheckCertificateRevocationList = false;
        ServicePointManager.UseNagleAlgorithm = false;
        using (var wc = new ATWebClient())
        {
            //var res = wc.DownloadString("https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte");
            var res = wc.UploadString("https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte", "Test of content");
            return Content(res);
        }


    }
    catch (Exception ex)
    {
        return Json(ex);
    }

注意，是的，这是一个 SOAP 端点 - 我尝试发送有效的 SOAP 内容，但两种情况下的结果相同，我得到以下异常:
Note, yes, this is a SOAP endpoint - I tried sending valid SOAP content, yet the result is in both cases the same, I get the following exception:
底层连接已关闭:发送时发生意外错误.
堆栈跟踪:
   at System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)
   at System.Net.WebClient.UploadString(Uri address, String method, String data)
   at System.Net.WebClient.UploadString(String address, String data)
   at MagniWebApp.Controllers.HomeController.NonTrustedCATestEndpoint() in C:Usersjoao.antunes.Office2source
epos7. PlatformWebAppMagniWebAppControllersHomeController.cs:line 1154

内部异常的消息: