调用第三方Web服务时出错

时间:2018-08-02 21:02:06

标签: c# .net ssl asp.net-web-api

我需要给第三方服务打电话。并且该服务配置有相互SSL身份验证,并且仅支持 tls 1.2 。已为我提供了pfx证书,应将其添加到我的请求中。我已经使用mmc在受信任的根证书颁发机构和个人文件夹中安装了证书,但是我总是收到innerexception:请求被中止:无法创建SSL / TLS安全通道。以下是我的代码

 public static T Post<T>(string resourceUri, object request)
        {

            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
            var requestHandler = new WebRequestHandler();
            requestHandler.ServerCertificateValidationCallback = delegate { return true; };
            requestHandler.ClientCertificates.Add(GetCertificate());

            using (var client = new HttpClient(requestHandler))
            {
                client.BaseAddress = new Uri(resourceUri);
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                try
                {
                    var responseMessage = client.PostAsJsonAsync(resourceUri, request).Result;
                }
                catch (Exception ex)
                {
                    var abc = ex;
                }
                //if (responseMessage.IsSuccessStatusCode)
                //    return responseMessage.Content.ReadAsAsync<T>().Result;
                //else
                //    throw new Exception(responseMessage.Content.ReadAsStringAsync().Result);
                return default(T);
            }
    }







 private static X509Certificate2 GetCertificate()
    {
        X509Store userCaStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            userCaStore.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certificatesInStore = userCaStore.Certificates;
            var certName = "testing.stg.io";
            X509Certificate2Collection certs = certificatesInStore.Find(X509FindType.FindBySubjectName, certName, true);
            X509Certificate2 clientCertificate = null;
            if (certs.Count == 1)
                clientCertificate = certs[0];
            else
                throw new Exception("Unable to locate the certificate.");

            return clientCertificate;
        }

            catch
            {
                throw;
            }
            finally
            {
                userCaStore.Close();
            }
        }

异常屏幕截图:

enter image description here

启用网络跟踪后,这就是我在日志中看到的内容:

..................................... ...........................

System.Net.Sockets Verbose: 0 : [35672] 000003C0 : 64 1A CE 06 00 65 C1 90-78 DD 9F 5C 57 E5 89 FB : d....e..x..\W...
System.Net.Sockets Verbose: 0 : [35672] 000003D0 : 6F 0D AE 32 0F 9F 6A FF-35 51 71 CC EF AE C1 D0 : o..2..j.5Qq.....
System.Net.Sockets Verbose: 0 : [35672] 000003E0 : 41 29 D3 AC 1A 79 7E 85-63 FF F7 39 ED A0 6F 06 : A)...y~.c..9..o.
System.Net.Sockets Verbose: 0 : [35672] 000003F0 : 98 04 66 22 79 47 C6 55-5A 48 53 E6 4B A9 37 A3 : ..f"yG.UZHS.K.7.
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::EndSend(OverlappedAsyncResult#64923656)
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::EndSend()  -> Int32#1461
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::BeginReceive()
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::BeginReceive()     -> OverlappedAsyncResult#35236192
System.Net.Sockets Verbose: 0 : [35672] Data from Socket#64921669::PostCompletion
System.Net.Sockets Verbose: 0 : [35672] 00000000 : 15 03 03 00 02                                  : .....
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::EndReceive(OverlappedAsyncResult#35236192)
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::EndReceive()   -> Int32#5
System.Net.Sockets Verbose: 0 : [35672] Socket#64921669::BeginReceive()
System.Net.Sockets Verbose: 0 : [35672] Exiting Socket#64921669::BeginReceive()     -> OverlappedAsyncResult#21943666
System.Net.Sockets Verbose: 0 : [35432] Data from Socket#64921669::PostCompletion
System.Net.Sockets Verbose: 0 : [35432] 00000000 : 02 2A                                           : .*
System.Net.Sockets Verbose: 0 : [35432] Socket#64921669::EndReceive(OverlappedAsyncResult#21943666)
System.Net.Sockets Verbose: 0 : [35432] Exiting Socket#64921669::EndReceive()   -> Int32#2
System.Net Information: 0 : [35432] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 7c47298:7c69600, targetName = 14.140.230.181, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [35432] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=CertUnknown).
System.Net.Sockets Verbose: 0 : [35432] Socket#64921669::Dispose()
System.Net Error: 0 : [35432] Exception in HttpWebRequest#60068066:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [35432] HttpWebRequest#60068066::EndGetRequestStream()
System.Net Error: 0 : [35432] Exception in HttpWebRequest#60068066::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..
System.Net.Http Error: 0 : [35432] Exception in WebRequestHandler#45004109::SendAsync - The request was aborted: Could not create SSL/TLS secure channel..
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
System.Net.Http Error: 0 : [35432] HttpClient#2383799::SendAsync() - An error occurred while sending HttpRequestMessage#58870012. System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---

给定错误的可能原因是什么? Wireshark屏幕截图。

enter image description here

上面的日志和捕获内容对你们有意义吗?我被困在这里很长时间,无法弄清楚失误在哪里?证书不良的原因可能是什么?

0 个答案:

没有答案