我们正在将基于Apache的Web API移至其他位置,因此IP在发生变化。新的Web API机器使用相同的Apache版本,具有完全相同的vhost.conf和SSL配置,并且使用与旧的Web API相同的证书文件。
一旦我们将DNS更改为指向新的Web API计算机,我们就会在Windows 2012 R2 Servier上运行的C#4.5 WCF服务中注意到以下错误消息(从现在开始,我将其称为WCF服务计算机) 。我可以通过本地桌面上的chrome(通过https)访问新的Web API登陆页面,这使我相信这是WCF服务计算机上的特定问题。我还进行了完整性检查,以确保可以从WCF服务机远程登录到新IP和端口。
.NET 4.5是否对证书文件进行任何高速缓存,如果IP发生更改,则会抛出该高速缓存?
注意。在这种情况下,WCF服务是客户端,而基于Apache的Web API是服务器,两者通过HTTPS进行通信
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
直接从我们的.conf文件中获取SSL版本
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
访问Apache Web API的WCF服务代码
authServiceURI = authServiceBaseURI + "/v1/me";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(authServiceURI);
request.UseDefaultCredentials = false;
request.Headers["Authorization"] = "Bearer " + bearerToken;
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
using (response)
{
if (response.StatusCode == HttpStatusCode.OK)
{
StreamReader sr = new StreamReader(response.GetResponseStream());
JObject jObj = JObject.Parse(sr.ReadToEnd());
JProperty usernameProp = jObj.Property("user_name");
JProperty clientidProp = jObj.Property("client_id");
if(usernameProp != null)
{
string username = usernameProp.Value.ToString();
string clientID = clientidProp.Value.ToString();
UserService us = new UserService();
User u = us.GetByLogin(username);
if (u != null)
{
authenticatedToken = new AuthToken();
authenticatedToken.AuthenticatedUser = u;
authenticatedToken.AuthMethod = AuthType.OAuth2;
authenticatedToken.ClientID = clientID;
}
}
}
}
答案 0 :(得分:0)
我弄错了,新的Web API使用的ssl.conf与旧的Web API服务器略有不同。新服务器支持TLS1.1及更高版本,旧服务器支持TLS1.0及更高版本。显然,C#.NET 4.5默认情况下不支持TLS1.1,并且如果要通过TLS1.1进行通信,则需要显式设置SecurityProtocol。
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;