我正在AWS中创建documentDb的新集群,并尝试通过MongoDriver与我的net.core应用程序连接。具有启用了Ssl的属性的群集。
根据this question and answers,我尝试了几种方法来实现自己的目标。
--sslCAFile参数的mongoShell中使用它。var clientSetting = MongoClientSettings.FromUrl("mongodb://<myloging>:<mypassword>@<myclusterendpoint>/?ssl=true&replicaSet=rs0");
var setting = new MongoClientSettings()
{
Server = clientSetting.Server,
UseSsl = clientSetting.UseSsl,
Credential = clientSetting.Credential,
GuidRepresentation = GuidRepresentation.CSharpLegacy,
ReadPreference = new ReadPreference(ReadPreferenceMode.Primary),
VerifySslCertificate = true,
SslSettings = new SslSettings
{
ClientCertificates = new List<X509Certificate2>()
{
new X509Certificate2("<path>\\rds-combined-ca-bundle.pem")
},
EnabledSslProtocols = System.Security.Authentication.SslProtocols.Default,
CheckCertificateRevocation = true
},
ReplicaSetName = clientSetting.ReplicaSetName
};
setting.SslSettings.ClientCertificateSelectionCallback = (sender, host, certificates, certificate, issuers) => setting.SslSettings.ClientCertificates.ToList()[0];
setting.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
setting.MaxConnectionIdleTime = new TimeSpan(0, 0, 30);
client = new MongoClient(setting);
并执行以下操作:
var filter = new BsonDocument("name", "mycollection");
var collectionCursor = client.GetDatabase("mydatabase").ListCollections(new ListCollectionsOptions { Filter = filter });
if (!collectionCursor.Any())
{
throw new Exception("Collection not found");
}
我希望它将获得名称为mycollection或Collection not found异常的集合,但得到
A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "1", ConnectionMode : "ReplicaSet", Type : "ReplicaSet", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/<myclusterendpoint>" }", EndPoint: "Unspecified/<myclusterendpoint>", State: "Disconnected", Type: "Unknown" }] }.
尝试通过MongoShell连接时出现相同的问题。也许问题出在不同的地区。示例:在us-east-2中创建的集群,我尝试从乌克兰进行连接。 :)
UPD :假设我应该位于一个VPC中以连接到DocumentDb群集。
答案 0 :(得分:1)
我看到了一些您可能想看的东西:
UseSsl = clientSetting.UseSsl,-将此设置为true new X509Certificate2("<path>\\rds-combined-ca-bundle.pem")-您可能需要先阅读文件内容,而不是根据API文档提供路径:https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.-ctor?view=netframework-4.7.2 答案 1 :(得分:1)
我的问题是在设计对AWS DocumentDB的访问权限。 More info about database access out of VPC。