我有一个为8.1构建的Windows Phone应用程序,其中一个任务是客户端 - 服务器证书方案。我的应用程序工作正常,我可以发送客户端证书并登录到服务器。但升级到Windows 8.10.14xxxx之后无法实现。我接受了wireshark的痕迹,似乎证书永远不会发送。 消息的内容长度为0.
我使用HttpBaseProtocolFilter(等待)和async private void btnInstall_Click(object sender, RoutedEventArgs e)
{
//Install the self signed client cert to the user certificate store
string CACertificate = null;
try
{
Uri uri = new Uri("ms-appx:///certificates/test.pfx");
var file = await Windows.Storage.StorageFile.GetFileFromApplicationUriAsync(uri);
IBuffer buffer = await FileIO.ReadBufferAsync(file);
using (DataReader dataReader = DataReader.FromBuffer(buffer))
{
byte[] bytes = new byte[buffer.Length];
dataReader.ReadBytes(bytes);
// convert to Base64 for using with ImportPfx
CACertificate = System.Convert.ToBase64String(bytes);
}
await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
CACertificate,
"xxxxx",
ExportOption.Exportable,
KeyProtectionLevel.NoConsent,
InstallOptions.None,
"ClientCert1");
}
catch (Exception ex)
{
//;
}
}
输入证书。它在升级之前完美无缺。
有什么想法吗?什么东西坏了?
首先我正在安装pfx
string serviceURL = "https://my.web.services";
Certificate cert = null;
CertificateQuery query = new CertificateQuery();
query.FriendlyName = "ClientCert1";
IReadOnlyCollection<Certificate> certs = await CertificateStores.FindAllAsync(query);
HttpBaseProtocolFilter bpf = new HttpBaseProtocolFilter();
//if you install the CA you don't need to ignore the ServerCertificate Errors
//bpf.IgnorableServerCertificateErrors.Add(ChainValidationResult.Untrusted);
if (certs.Count > 0)
{
cert = certs.ElementAt(0);
bpf.ClientCertificate = cert;
}
HttpClient httpClient = new HttpClient(bpf);
try
{
var response = await httpClient.GetInputStreamAsync(new Uri(serviceURL));
//take data
}
catch (Exception ex)
{
//0x80072F0D
}
然后我正在调用服务
0x80072F0D在8.10.14xxxx Windows手机中运行时,我总是采用异常(0x800072F0D)。我的代码在更新之前工作,现在我总是使用此返回代码。证书在httpClient中加载。当我使用调试器停止应用程序时,似乎证书在那里,但是{{1}}可能意味着证书没有被发送?
方案中有一个中间证书颁发机构。该证书包含在pfx中。我需要以某种方式安装吗?
答案 0 :(得分:1)
我假设您已将客户端证书放入应用程序证书存储区。
如果没有,请执行以下操作:
1)下载PFX文件
2)按照
await CertificateEnrollmentManager.ImportPfxDataAsync(certString, "Your_PFX_Password", ExportOption.Exportable, KeyProtectionLevel.NoConsent, InstallOptions.None, friendlyName);
3)检查证书库中的证书。
CertificateQuery certQuery = new CertificateQuery();
certQuery.FriendlyName = friendlyName;
IReadOnlyList<Certificate> certs = await CertificateStores.FindAllAsync(certQuery);
certs[0]应该拥有您需要的证书。
4)现在,将证书附加到HTTP请求
HttpBaseProtocolFilter protolFilter = new HttpBaseProtocolFilter();
protolFilter.ClientCertificate = certs[0] //from previous step
HttpClient client = new HttpClient(protolFilter)
PS:你不应该使用System.Net.htpp.HttpClient。而不是你应该使用Windows.Web.Http.HttpClient。