那些遇到过的问题

如何在.net core 2.1中忽略SSL验证

mav*_*avi 2 .net c# ssl

我正在尝试调用部署在 Linux 服务器上的 Web 服务,该服务器具有来自在 .net core 中开发并部署在 IIS 服务器(Windows server 2012)上的应用程序的自签名证书。

\n\n

但是当我尝试调用端点时,会引发下一个错误:

\n\n
\n

"Message": "无法建立 SSL 连接,请参阅内部\n 异常。",\n "Description": "InnerError : System.Security.Authentication.AuthenticationException: 身份验证\n 失败,请参阅内部异常。 --- >\n System.ComponentModel.Win32Exception: Mensaje recibido inesperado, o\n bien su 格式不正确\r\n --- 内部异常堆栈\n 跟踪结束 ---\r\n at\n System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken\n 消息,AsyncProtocolRequest asyncRequest,ExceptionDispatchInfo\n 异常)\\r\\n at\n System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken\n 消息,AsyncProtocolRequest asyncRequest) \\r\\n 位于\n System.Net.Security.SslState.StartSendBlob(Byte[] 传入,Int32\n 计数,AsyncProtocolRequest asyncRequest)\\r\\n 位于\n System.Net.Security.SslState.ProcessReceivedBlob (Byte[] 缓冲区,Int32\n 计数,AsyncProtocolRequest asyncRequest)\\r\\n at\n System.Net.Security.SslState.StartReadFrame(Byte[] 缓冲区,Int32\n readBytes,AsyncProtocolRequest asyncRequest)\\r\ \n at\n System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest\n asyncRequest)\\r\\n--- 抛出异常的上一个位置的堆栈跟踪结尾 ---\\r\\ n at\n System.Net.Security.SslState.ThrowIfExceptional()\\r\\n at\n System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult\n lazyResult)\\r\\n at\n System. Net.Security.SslState.EndProcessAuthentication(IAsyncResult\n result)\\r\\n at\n System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult\n asyncResult)\\r\\n at\n System.Net。 Security.SslStream.<>c.b__47_1(IAsyncResult\n iar)\\r\\n at\n System.Threading.Tasks.TaskFactory 1.FromAsyncCoreLogic(IAsyncResult\n iar, Func2 endFunction,操作1 endAction, Task1 承诺,布尔值\n 需要同步)\\r\\n- -- 抛出异常的上一个位置的堆栈跟踪结束 ---\\r\\n at\n System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream\n stream, SslClientAuthenticationOptions sslOptions, CancellationToken\n CancellationToken) | stackTrace : at\n System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream\n 流、SslClientAuthenticationOptions sslOptions、CancellationToken\n CancellationToken)\\r\\n at\n System.Threading.Tasks.ValueTask 1.get_Result()\\r\\n at\n System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage\n request, CancellationToken cancellationToken)\\r\\n at\n System.Threading.Tasks.ValueTask1.get_Result()\ \r\\n at\n System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask1\n creationTask)\\r\\n at\n System.Threading.Tasks.ValueTask1.get_Result()\\r\\n at\n System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage\n request, Boolean doRequestAuth, CancellationToken\n CancellationToken)\\r\\n at\n System.Net。 Http.RedirectHandler.SendAsync(HttpRequestMessage request,\n CancellationToken CancellationToken)\\r\\n at\n System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask,\n HttpRequestMessage 请求, CancellationTokenSource cts, Boolean\n disposeCts )\\r\\n at\n ReservasProxy.Data.APIConnection.CallXMLFormDataApiPostAsyc(String\n body) in\n C:\\gitProjects\\ResevasProxy\\ReservasProxy\\ReservasProxy\\Data\\APIConnection.cs:line \n 181\r\n

\n
\n\n

我已经尝试了下一个解决方案,但它们没有 \xc2\xb4t 工作。

\n\n

解决方案1:

\n\n
          using (var httpClientHandler = new HttpClientHandler())\n        {\n            httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; };\n            // Make your request...\n            //send request\n            using (var httpClient = new HttpClient(httpClientHandler))\n            {\n\n                var content = new StringContent(body, Encoding.UTF8, "application/soap+xml");\n                HttpResponseMessage response = await httpClient.PostAsync(_url, content);\n                //var res = await response.Content.ReadAsAsync<T>();\n\n\n            }\n\n\n        }\n
Run Code Online (Sandbox Code Playgroud)\n\n

解决方案2:

\n\n
            //send request\n        using (var httpClient = new HttpClient())\n        {\n             ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };\n            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;\n            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;\n            var content = new StringContent(body, Encoding.UTF8, "application/soap+xml");\n            HttpResponseMessage response = await httpClient.PostAsync(_url, content);\n\n        }\n
Run Code Online (Sandbox Code Playgroud)\n\n

解决方案 3:\n尝试导入证书,然后进行调用,但仍然无法正常工作。

\n\n
const string certPath = @"C:\\soaProdcer.cer";    \nvar handler = new HttpClientHandler\n            {\n                ClientCertificateOptions = ClientCertificateOption.Manual,\n                SslProtocols = System.Security.Authentication.SslProtocols.Tls\n            };\n            handler.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(certPath));\n\n            //send request\n            using (var httpClient = new HttpClient(handler))\n            {\n                var content = new StringContent(body, Encoding.UTF8, "application/soap+xml");\n                HttpResponseMessage response = await httpClient.PostAsync(_url, content);\n\n            }\n
Run Code Online (Sandbox Code Playgroud)\n\n

我使用 OpenSSL 获得了证书

\n\n
>openssl s_client -showcerts -connect serversoa:443\n\nNo client certificate CA names sent\n---\nSSL handshake has read 774 bytes and written 493 bytes\n---\nNew, TLSv1/SSLv3, Cipher is RC4-SHA\nServer public key is 1024 bit\nSecure Renegotiation IS supported\nCompression: NONE\nExpansion: NONE\nNo ALPN negotiated\nSSL-Session:\n    Protocol  : TLSv1\n    Cipher    : RC4-SHA\n    Session-ID: 4E0F69C75B8F041101562F7E9B3EA349\n    Session-ID-ctx:\n    Master-Key: 61A916A9B8AF26281B5F7A0138DF5E4C2A4B83995E0B3FDD2274BAD0D8E3C2B5E98AA7CCB48A6543F6814C2540B18848\n    Key-Arg   : None\n    PSK identity: None\n    PSK identity hint: None\n    SRP username: None\n    Start Time: 1558979896\n    Timeout   : 300 (sec)\n    Verify return code: 18 (self signed certificate)\n
Run Code Online (Sandbox Code Playgroud)\n\n

我将证书导入 IIS 服务器到受信任的根证书颁发机构。

\n

toa*_*nnm 5

我不记得微软告诉你这个的具体链接了。您的上述解决方案适用于较旧的 asp.net core 版本。这是我为项目实现的最新 ASP.NET Core 解决方案。我希望它对你有帮助。

services.AddHttpClient<IYourService, YourService>()
    .ConfigurePrimaryHttpMessageHandler(sp => new HttpClientHandler
    {
        AllowAutoRedirect = false,
        ServerCertificateCustomValidationCallback = (message, certificate2, arg3, arg4) => true,
        SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12
    });
Run Code Online (Sandbox Code Playgroud)

另请阅读有关 HttpClientFactory 的信息:https://learn.microsoft.com/en-us/dotnet/standard/microservices-architecture/implement-resilient-applications/use-httpclientfactory-to-implement-resilient-http-requests

归档时间:

查看次数:

17788 次

最近记录:

6 年,6 月 前
绕过.net核心中的无效SSL证书 67
更多相关链接
相关归档
在.net中使用ObservableCollection有什么用? 220
适用于Amazon S3静态网站的HTTPS 83
如何正确重置CancellationToken? 41
'ItemsSource ="{Binding}"是什么意思? 34
JDK/JRE源代码与匹配的JSSE(SSL)源代码和匹配的可运行JDK/JRE? 11
使用Java编写SSL检查器 6
仅为mysql jdbc设置自定义SSL信任库 5
Python SSL Socket:从服务器和客户端接收和发送 4
自定义SSL证书授权? 2
在Rails中与Force_SSL相反? 2
难疑归档
迭代HashMap 3244
如何检查列表是否为空? 3235
jQuery是否存在"存在"功能? 2669
在jQuery中添加表行 2331
如何在Git中检索当前提交的哈希值? 1788
为什么Dictionary优先于Hashtable? 1348
如何将包含文件的文件夹复制到Unix/Linux中的另一个文件夹? 1145
如果我已经开始使用rebase,如何将两个提交合并为一个? 1111
如何将参数传递给批处理文件? 1100
在Ruby on Rails中对nil v.空v.空白的简要解释 1098