击中HTTPS Web服务器时抛出HttpWebRequest System.Net.WebException

时间:2018-12-05 14:15:42

标签: c# .net apache ssl

我们正在将基于Apache的Web API移至其他位置,因此IP在发生变化。新的Web API机器使用相同的Apache版本,具有完全相同的vhost.conf和SSL配置,并且使用与旧的Web API相同的证书文件。

一旦我们将DNS更改为指向新的Web API计算机,我们就会在Windows 2012 R2 Servier上运行的C#4.5 WCF服务中注意到以下错误消息(从现在开始,我将其称为WCF服务计算机) 。我可以通过本地桌面上的chrome(通过https)访问新的Web API登陆页面,这使我相信这是WCF服务计算机上的特定问题。我还进行了完整性检查,以确保可以从WCF服务机远程登录到新IP和端口。

.NET 4.5是否对证书文件进行任何高速缓存,如果IP发生更改,则会抛出该高速缓存?

注意。在这种情况下,WCF服务是客户端,而基于Apache的Web API是服务器,两者通过HTTPS进行通信

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()

直接从我们的.conf文件中获取SSL版本

SSLProtocol all -SSLv2 -SSLv3 -TLSv1

访问Apache Web API的WCF服务代码

        authServiceURI = authServiceBaseURI + "/v1/me";
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(authServiceURI);
        request.UseDefaultCredentials = false;
        request.Headers["Authorization"] = "Bearer " + bearerToken;
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        using (response)
        {
            if (response.StatusCode == HttpStatusCode.OK)
            {
                StreamReader sr = new StreamReader(response.GetResponseStream());
                JObject jObj = JObject.Parse(sr.ReadToEnd());
                JProperty usernameProp = jObj.Property("user_name");
                JProperty clientidProp = jObj.Property("client_id");

                if(usernameProp != null) 
                {
                    string username = usernameProp.Value.ToString();
                    string clientID = clientidProp.Value.ToString();
                    UserService us = new UserService();
                    User u = us.GetByLogin(username);

                    if (u != null)
                    {
                        authenticatedToken = new AuthToken();
                        authenticatedToken.AuthenticatedUser = u;
                        authenticatedToken.AuthMethod = AuthType.OAuth2;
                        authenticatedToken.ClientID = clientID;
                    }
                }
            }
        }

1 个答案:

答案 0 :(得分:0)

我弄错了,新的Web API使用的ssl.conf与旧的Web API服务器略有不同。新服务器支持TLS1.1及更高版本,旧服务器支持TLS1.0及更高版本。显然,C#.NET 4.5默认情况下不支持TLS1.1,并且如果要通过TLS1.1进行通信,则需要显式设置SecurityProtocol。

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;