我有一个非常具体的情况:
使用TSL握手使用WCF Web服务的终结点的网站。许多用户可以在此网站上注册,上传其A1证书并通过该系统使用Web服务的端点。
在本地由IIS托管的Windows上,它工作得很好,当用户上传证书时,证书以blob的形式保存在数据库中,当我需要与Web服务对话时,请执行以下操作:
certificate = new X509Certificate2(company.Certificate.File, password, X509KeyStorageFlags.MachineKeySet);
// the SendFileServiceClient object is an auto-generated object, created when the WCF web service was registered
var sendFile = new SendFileServiceClient();
sendFile.ClientCredentials.ClientCertificate.Certificate = certificate;
await sendFile.OpenAsync();
answer = await sendFile.SendFileAsync(XElement.Parse(xmlFile));
await sendFile.CloseAsync();
但是当我对应用程序进行容器化时就会出现问题。使用docker它不起作用,我可以上传我的证书,在数据库上创建blob,甚至可以检索它并创建X509Certificate2对象(在调试时检查它时,证书的所有信息都在那里),但是,在answer =行,我得到以下信息:
无法使用权限'webservices.foo.bar'为SSL / TLS安全通道建立信任关系
这是堆栈跟踪:
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
我的Docker映像的基础是:
FROM microsoft/dotnet:2.2-aspnetcore-runtime
谁能告诉我这里的问题是什么?甚至可以用Docker映像执行我需要的操作吗?