My WCF service is set up to use both a server and a client certificate, as follows:
ServiceHostFactory.CreateService<MyAppClientService>($"https://localhost:{serverSettings.SmartCardSSLPort}/MyApp5Service/Sll")
    .UseProtobuf()
    .AddServiceBehavior(new CustomServiceBehavior_ClientService())
    .AddAuthorizationPolicy(new CustomAuthorizationPolicy_ClientService())
    .UseSecureConnection(environmentSettings.SecureConnection)
    .UseThrottling()
    .Start(EndpointService.CreateNetHttpsBinding(true)); // true = require a client certificate

await ServiceHandler.RegisterClientServiceToConsul(MyAppServices.ClientServer_Smartcard, serverSettings.SmartCardSSLPort);
public ServiceHostBuilder<T> UseSecureConnection(SecureConnectionSettings settings)
{
    if (settings != null && settings.Enabled)
    {
        Console.WriteLine("Setting certificates");

        // Look the server certificate up by thumbprint; validOnly = true also
        // requires the certificate to chain to a trusted root and be within its validity period.
        X509Store store = new X509Store(settings.CertificateStore, settings.CertificateLocation);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, settings.Thumbprint, true);
        store.Close();

        if (certs.Count > 0)
        {
            _serviceHost.Credentials.ServiceCertificate.SetCertificate(settings.CertificateLocation,
                settings.CertificateStore, X509FindType.FindByThumbprint, settings.Thumbprint);
        }
        else
        {
            throw new InvalidOperationException("Could not find certificate with thumbprint " + settings.Thumbprint);
        }
    }
    return this;
}
public static NetHttpsBinding CreateNetHttpsBinding(bool requiredClientCertificate = false)
{
    var binding = new NetHttpsBinding();
    SetBindingSettings(binding);

    // Transport (TLS) security only; the client, if required, authenticates with an X.509 certificate.
    binding.Security = new BasicHttpsSecurity();
    binding.Security.Mode = BasicHttpsSecurityMode.Transport;
    binding.Security.Transport = new HttpTransportSecurity();
    if (requiredClientCertificate)
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    else
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

    return binding;
}
The client creates its channel like this:
private async Task<ChannelFactory<T>> CreateChannelFactory(LoginTypeBase loginType, OrbitToken token)
{
    // Resolve the service endpoint from Consul (30 s timeout).
    var service = await _ConsulService.GetServiceBlocking(loginType.OrbitServicesToUse, forceRefresh: true, token: new CancellationTokenSource(TimeSpan.FromSeconds(30)).Token);
    if (service == null)
        throw new OrbitServiceCommunicationException();

    var cert = loginType.ClientCertificate;
    var uri = loginType.GetOrbitClientServiceURL(service.Address, service.Port);
    var header = AddressHeader.CreateAddressHeader(nameof(OrbitToken), nameof(OrbitToken), token);
    var endpointAddress = new EndpointAddress(uri, header);

    ServiceEndpoint serviceEndpoint = null;
    if (loginType.LoginType == LoginType.SmartCard || loginType.LoginType == LoginType.UsernamePasswordSLL)
    {
        // HTTPS endpoint; only the smart-card login presents a client certificate.
        var binding = new NetHttpsBinding("netHttpsBinding");
        binding.Security.Mode = BasicHttpsSecurityMode.Transport;
        if (loginType.LoginType == LoginType.SmartCard)
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        else
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
        serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
    }
    else
    {
        // Plain HTTP for the other login types.
        var binding = new NetHttpBinding("netHttpBinding");
        serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
    }

    serviceEndpoint.EndpointBehaviors.Add(new ProtoEndpointBehavior());
    serviceEndpoint.EndpointBehaviors.Add(new CustomMessageInspectorBehavior());

    var v = new ChannelFactory<T>(serviceEndpoint);
    if (loginType.LoginType == LoginType.SmartCard)
    {
        // The certificate object copied from the smart card is attached directly to the factory.
        v.Credentials.ClientCertificate.Certificate = cert;
        //v.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
    }
    return v;
}
When a smart card is inserted into the reader, a third-party program copies the certificates from the card into the local store.

My application picks up this change and uses one of those certificates as the client certificate.

The code above works fine the first time. When the client calls the service for the first time, the third-party program asks the user for the PIN, and if it is valid the communication continues.

The problem is that if I remove the smart card and then reinsert it, I get an SSL/TLS exception on the next call to the service. At this point I am not creating a new channel; I am using the same channel I used before the card was removed.

Is something going on here in .NET, or is my third-party software blocking me? Perhaps I have to create a new channel after the certificate has been removed and put back again?

Here is an example of the exception I get:
System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority '139.107.245.141:44310'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
   --- End of inner exception stack trace ---
   at MyApp.Client.Main.Classes.Controllers.ErrorHandler.UnwrapAgentException(Exception exception) in C:\MyApp\Produkter\MyApp Utveckling\Solution\MyApp.Client.Main\Classes\Controllers\ErrorHandler.cs:line 35
   at MyApp.Client.Main.ServiceManagement.ServiceAgents.AkutlistanAgent.GetAkutListan(List`1 orgEnhetList, List`1 tooltipKeys, List`1 userItems) in C:\MyApp\Produkter\MyApp Utveckling\Solution\MyApp.Client.Main\Classes\ServiceManagement\ServiceAgents\AkutlistanAgent.cs:line 88
   at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.buildGrid() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 550
   at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.SetArbetsstalle(List`1 orgEnhetList) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 1742
   at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.OrgEnhetList_EditValueChanged(Object sender, EventArgs e) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 1828
   at System.EventHandler.Invoke(Object sender, EventArgs e)
   at DevExpress.XtraEditors.Repository.RepositoryItem.RaiseEditValueChangedCore(EventArgs e)
   at DevExpress.XtraEditors.Repository.RepositoryItem.RaiseEditValueChanged(EventArgs e)
   at DevExpress.XtraEditors.BaseEdit.RaiseEditValueChanged()
   at DevExpress.XtraEditors.BaseEdit.OnEditValueChanged()
   at DevExpress.XtraEditors.TextEdit.OnEditValueChanged()
   at DevExpress.XtraEditors.BaseEdit.OnEditValueChanging(ChangingEventArgs e)
   at DevExpress.XtraEditors.TextEdit.OnEditValueChanging(ChangingEventArgs e)
   at DevExpress.XtraEditors.BaseEdit.set_EditValue(Object value)
   at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.SetActiveOrganisationEnhet(List`1 organisationsEnhetList, List`1 prioriteringsGruppList) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 1731
   at Myapp.Client.Main.GUI.Akutlista.ucAkutLista.LoadControl() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Akutlista\ucAkutLista.cs:line 395
   at Myapp.Client.Main.GUI.Planering.ucOversiktsTabControl.loadPage() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\ucOversiktsTabControl.cs:line 703
   at Myapp.Client.Main.GUI.Planering.ucOversiktsTabControl..ctor() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\ucOversiktsTabControl.cs:line 68
   at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt.InitializeComponent() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.Designer.cs:line 180
   at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt..ctor() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.cs:line 147
   at Myapp.Client.Main.GUI.Planering.frmPlaneringsOversikt.OpenForm() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\Planering\frmPlaneringsOversikt.cs:line 112
   at Myapp.Client.Main.GUI.frmMainMyapp.OpenPlaningOverview() in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\frmMainMyapp.cs:line 2265
   at Myapp.Client.Main.GUI.frmMainMyapp.navBarItemPlanering_LinkClicked(Object sender, NavBarLinkEventArgs e) in C:\Myapp\Produkter\Myapp Utveckling\Solution\Myapp.Client.Main\GUI\frmMainMyapp.cs:line 619
   at DevExpress.XtraNavBar.NavBarItem.RaiseLinkEvent(Object linkEvent, NavBarItemLink link)
   at DevExpress.XtraNavBar.NavBarItem.RaiseLinkClicked(NavBarItemLink link)
   at DevExpress.XtraNavBar.NavBarItem.RaiseLinkClickedCore(NavBarItemLink link)
   at DevExpress.XtraNavBar.NavBarControl.RaiseLinkClicked(NavBarItemLink link)
   at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.DoLinkClick(NavBarHitInfo hitInfo)
   at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.DoClick(NavBarHitInfo hitInfo)
   at DevExpress.XtraNavBar.ViewInfo.NavigationPaneViewInfo.DoClick(NavBarHitInfo hitInfo)
   at DevExpress.XtraNavBar.ViewInfo.NavBarViewInfo.OnMouseUp(MouseEventArgs e)
   at DevExpress.XtraNavBar.NavBarControl.OnMouseUp(MouseEventArgs ev)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at DevExpress.XtraNavBar.NavBarControl.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
Edit: I have been given a hint that MS WinInet may be the problem, and that to get around it I would need to restart the application or somehow reset MS WinInet?
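One way to handle the remove-and-reinsert case described in the question, as an added example that is not part of the original post or the poster's project: keep the ChannelFactory behind a small wrapper that, on a SecurityNegotiationException, aborts the faulted channel and factory, re-reads the certificate from the store, and retries once on a freshly built factory. It assumes the smart-card certificate is looked up by thumbprint in CurrentUser\My (where the question says the third-party middleware copies it), that the service URL is already known, and that turning off HTTP keep-alive is an acceptable cost for an interactive client; `IMyAppClientService` in the usage note is a hypothetical contract name.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Owns a ChannelFactory for a client-certificate (smart card) endpoint and rebuilds
// it when the TLS handshake fails, instead of reusing a channel whose pooled
// connection was authenticated with a card that has since been pulled.
public sealed class SmartCardChannel<T> : IDisposable where T : class
{
    private readonly Uri _uri;
    private readonly string _thumbprint;
    private ChannelFactory<T> _factory;
    private T _channel;

    public SmartCardChannel(Uri uri, string thumbprint)
    {
        _uri = uri;
        _thumbprint = thumbprint;
    }

    // Re-read the certificate on every (re)build: after the card is reinserted the
    // middleware writes a fresh copy, and the X509Certificate2 held by the old
    // factory may reference a key handle that went away with the card.
    private static X509Certificate2 FindCurrentCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser); // assumed location
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate " + thumbprint + " is not in the store; is the card inserted?");
            var cert = found[0];
            // For a card-backed certificate this only says a key container is linked,
            // not that the card is present; the TLS handshake is the real test.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no linked private key.");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }

    // Same transport security as the question (TLS + required client certificate),
    // plus HTTP keep-alive turned off so each request opens a new connection and a
    // new handshake rather than riding a pooled connection. Assumption: the pooled
    // connection is what keeps the stale card session alive.
    private static Binding CreateBinding()
    {
        var https = new NetHttpsBinding();
        https.Security.Mode = BasicHttpsSecurityMode.Transport;
        https.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

        BindingElementCollection elements = https.CreateBindingElements();
        elements.Find<HttpsTransportBindingElement>().KeepAliveEnabled = false;
        return new CustomBinding(elements);
    }

    private void Build()
    {
        var endpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), CreateBinding(), new EndpointAddress(_uri));
        _factory = new ChannelFactory<T>(endpoint);
        // Credentials are read-only once the factory opens, so set them before CreateChannel().
        _factory.Credentials.ClientCertificate.Certificate = FindCurrentCertificate(_thumbprint);
        _channel = _factory.CreateChannel();
    }

    // Runs one call; on a TLS negotiation failure the faulted channel and factory
    // are torn down and the call is retried once on a fresh factory.
    public TResult Invoke<TResult>(Func<T, TResult> call)
    {
        if (_channel == null) Build();
        try
        {
            return call(_channel);
        }
        catch (SecurityNegotiationException)
        {
            Teardown();
            Build();               // re-reads the certificate, opens a new connection
            return call(_channel); // a second failure propagates to the caller
        }
    }

    private void Teardown()
    {
        Shutdown(_channel as ICommunicationObject);
        Shutdown(_factory);
        _channel = null;
        _factory = null;
    }

    // Close() throws on a faulted WCF object; Abort() is the only safe path then.
    private static void Shutdown(ICommunicationObject obj)
    {
        if (obj == null) return;
        if (obj.State == CommunicationState.Opened)
        {
            try { obj.Close(); return; }
            catch (CommunicationException) { }
            catch (TimeoutException) { }
        }
        obj.Abort();
    }

    public void Dispose() => Teardown();
}
```

Usage would be `using (var svc = new SmartCardChannel<IMyAppClientService>(uri, thumbprint)) { var result = svc.Invoke(c => c.SomeOperation()); }`. One caveat: the SChannel client session cache is process-wide, so if TLS session resumption still pins the old card session after the rebuild, restarting the process (the blunt fix the edit above mentions) remains the fallback; the retry here at least turns a stuck channel into a fresh handshake and a PIN prompt.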
Answer 0: (score: 0)

Have you checked the firewall settings? If so, it is also worth checking that the correct ports are open for communication.