Assigned client certificate is ignored when establishing a TLS connection

Time: 2017-05-26 17:39:58

Tags: c# x509certificate tls1.2

As in the question Connecting to a Web Service using Client Certificate authentication, I am trying to call a SOAP web service from C# using a client certificate provided by the server administrator. As in that question, I can access the web service in a browser with the provided certificate (he used cURL; I can use IE but not FF). I have made sure that the same certificate is used in the browser and in the code below, and that the server supports TLS 1.2, unlike in the linked question: this is the only thing that makes my question different.

The certificate has been imported into the MyRoot store, and I can confirm that it is found and assigned to the WS object instance before the WS method call is made.

But in the trace I can see that it is ignored:


System.Net Information: 0 : [5928] TlsStream#11958757::.ctor(host=wsuat.domain.com, #certs=0)

The code I use is very simple; I inherited it from a previous developer and was told that it "used to work" about a year ago. With the certificate assignment line commented out it works fine locally, but as soon as I try to access the WS on the server with two-way SSL enabled, it fails:

using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Windows.Forms;

// req is the request object for the Submit operation, built earlier
using (ASoapClient client = new ASoapClient())
{
    try
    {
        //ServicePointManager.Expect100Continue = true;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        // Assign the client certificate from the local machine store
        client.ClientCredentials.ClientCertificate.SetCertificate(
             StoreLocation.LocalMachine
            ,StoreName.Root // also can load from .My
            ,X509FindType.FindBySerialNumber // also can find by SubjectName
            ,"FA33.........................634"
        );
        SubmitResult rr = client.Submit(req);
    }
    catch(Exception ex)
    {
        MessageBox.Show(ex.Message, "Error submitting");
    }
}

When I set Expect100Continue to true, I get the following exception:

System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://wsuat.domain.com/wsuat/ws.asmx.
This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. 
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. 
---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

When I comment it out, I get the following:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'wsuat.domain.com'.
---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

1 answer:

Answer 0 (score: 2)

As often happens, once I got completely desperate and posted the question, the answer was found. I looked up the basicHttpBinding security mode in MSDN and found the transport attribute.

I added the clientCredentialType element and set it to transport, as shown below, and everything works:

Certificate
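As an added example (not code from the question or the answer), this is the programmatic equivalent of the binding change the answer describes: Transport security with a Certificate client credential, which is what makes WCF hand the certificate to the TLS handshake instead of the "#certs=0" seen in the trace. ASoapClient, the endpoint URL and the thumbprint are placeholders assumed from the question.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Assumed: ASoapClient is the WCF client generated for the service in the
// question; generated clients expose a (Binding, EndpointAddress) constructor.
static class MutualTlsClientFactory
{
    // Equivalent app.config fragment:
    //   <basicHttpBinding><binding name="mutualTls">
    //     <security mode="Transport">
    //       <transport clientCredentialType="Certificate" />
    //     </security></binding></basicHttpBinding>
    public static BasicHttpBinding CreateBinding()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        // Without this line the certificate set on ClientCredentials is never
        // passed to the TLS stream, which is what "#certs=0" in the trace shows.
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        return binding;
    }

    // Look the certificate up by thumbprint and check it is usable for client
    // authentication before handing it to WCF: a certificate with no accessible
    // private key cannot complete the client-authentication step of the handshake.
    public static X509Certificate2 LoadClientCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (matches.Count == 0)
                throw new InvalidOperationException("Client certificate not found: " + thumbprint);
            var cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Client certificate has no accessible private key");
            return cert;
        }
    }

    public static ASoapClient Create(string url, string thumbprint)
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        var client = new ASoapClient(CreateBinding(), new EndpointAddress(url));
        client.ClientCredentials.ClientCertificate.Certificate = LoadClientCertificate(thumbprint);
        return client;
    }
}
```

Calling MutualTlsClientFactory.Create("https://wsuat.domain.com/wsuat/ws.asmx", "<thumbprint placeholder>") replaces the `new ASoapClient()` in the question; the account running the process must have read access to the certificate's private key.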