Amqp.net - SSL authentication problem when running under a Windows service

Time: 2016-12-03 23:54:57

Tags: c# amqp

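I am using AMQP.net (the amqpnetlite client) to communicate with IBM MQ. The following code works fine when run as a standalone console application. But when the same code is run under a Windows service, I get an authentication failure error on the line that creates the connection.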

Error:

InternalEndProcessAuthentication(System.Net.LazyAsyncResult)): Authentication failed because the remote party has closed the transport stream.

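For SSL, I created a self-signed certificate on the server side and configured it in IBM MQ. I have imported the certificate into the Local Machine Personal certificate store.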

Code:

var connection = factory.CreateAsync(address1).Result;

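I have tried without the following lines, and also with multiple combinations of SslProtocols. After searching SO I arrived at the following lines, but I still get the same error.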

using System;
using System.Configuration;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using Amqp;
using Amqp.Framing;
using Amqp.Listener;
using Amqp.Sasl;



namespace ConsoleApplication1
{
    class Program
    {

        static void Main(string[] args)
        {
            ConnectionFactory factory = new ConnectionFactory();
            factory.SSL.ClientCertificates.Add(GetCertificate("SERVERMACHINENAME"));
            factory.SSL.Protocols = SslProtocols.Tls12 | SslProtocols.Ssl2;
            factory.SSL.RemoteCertificateValidationCallback = ValidateServerCertificate;
            factory.SSL.CheckCertificateRevocation = false;

            var address1 = new Address(ConfigurationManager.AppSettings["ip"], Int32.Parse(ConfigurationManager.AppSettings["port"]), null, null, "/", "AMQPS");
            var connection = factory.CreateAsync(address1).Result;

            Session session = new Session(connection);

            Console.WriteLine("Creating ReceiverLink...");
            var _receiverLink = new ReceiverLink(session, "Test_Recv", "Test/Test");
            _receiverLink.Start(5, onMessage);

            Console.WriteLine("Creating SenderLink...");
            SenderLink sender = new SenderLink(session, "Test_Sender", "Test/Test");
            var message = new Message("Hello world");


            sender.Send(message);
            sender.Close();

            session.Close();
            _receiverLink.Close();
            connection.Close();

        }

        private static void onMessage(ReceiverLink receiver, Message message)
        {
            Console.WriteLine("Message Received");
            // Parsing and sending to required system
        }


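        // Accepts every server certificate: sslPolicyErrors is ignored,
        // so the server's identity is not verified.
        static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            return true;
        }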

        static X509Certificate2 GetCertificate(string certFindValue)
        {
            StoreLocation[] locations = new StoreLocation[] { StoreLocation.LocalMachine, StoreLocation.CurrentUser };
            foreach (StoreLocation location in locations)
            {
                X509Store store = new X509Store(StoreName.My, location);
                store.Open(OpenFlags.OpenExistingOnly);

                X509Certificate2Collection collection = store.Certificates.Find(
                    X509FindType.FindBySubjectName,
                    certFindValue,
                    false);

                if (collection.Count == 0)
                {
                    collection = store.Certificates.Find(
                        X509FindType.FindByThumbprint,
                        certFindValue,
                        false);
                }

                store.Close();

                if (collection.Count > 0)
                {
                    return collection[0];
                }
            }

            throw new ArgumentException("No certificate can be found using the find value " + certFindValue);
        }


    }
}

Are there any changes needed for SSL communication when running as a Windows service?

1 answer:

Answer 0 (score: 0)

  • Have you tried granting the service user permission to the private key, in mmc.exe / Add/Remove Snap-in... / Certificates [Computer account]?

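One way to check the answer's suggestion from inside the service itself, as an added example that is not part of the original question or answer: the helper below reports which account the process runs as and whether that account can actually use the client certificate's private key. `ClientCertDiagnostics` and `Describe` are hypothetical names, and the code assumes .NET Framework 4.6 or later, an RSA key, and the certificate in the LocalMachine\My store as described in the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertDiagnostics
{
    // Hypothetical helper (not from the question): call it from the service's
    // start-up path and write the returned text to the service log.
    public static string Describe(string subjectName)
    {
        // Under a Windows service this is the service account, not the
        // interactive user who ran the console build.
        string who = WindowsIdentity.GetCurrent().Name;

        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (found.Count == 0)
                return who + ": no certificate with subject '" + subjectName + "' in LocalMachine\\My";

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                return who + ": certificate " + cert.Thumbprint + " has no associated private key";

            try
            {
                // Signing forces the key container to be opened, so a missing
                // read ACL for this account surfaces here.
                using (RSA rsa = cert.GetRSAPrivateKey())
                {
                    if (rsa == null)
                        return who + ": private key is not an RSA key";
                    rsa.SignData(new byte[] { 0 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                }
                return who + ": private key is readable";
            }
            catch (CryptographicException ex)
            {
                return who + ": cannot use private key: " + ex.Message;
            }
        }
    }
}
```

Calling `ClientCertDiagnostics.Describe("SERVERMACHINENAME")` (the find value used in the question) from both the console build and the service shows whether the two identities differ in their access to the key.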