堆栈内存溢出
  简体   繁体   English

无法为具有权限“本地主机”的SSL / TLS安全通道建立信任关系

[英]Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost' strange issue

 原文  2014-07-22 08:14:35       c#/ asp.net-mvc/ wcf/ ssl

问题描述

Again strange issue to me. 再次给我一个奇怪的问题。

After I refocused my wcf from http to https, when I try to call .svc methods not from UI, I started to get this exception "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost' issue". 将wcf从http调整为https之后,当我尝试不从UI调用.svc方法时,我开始收到此异常“无法为具有权限'localhost'问题的SSL / TLS安全通道建立信任关系”。 Also in InnerException I got this: "The remote certificate is invalid according to the validation procedure". 同样在InnerException中,我得到了这样的信息:“根据验证过程,远程证书无效。”

I have: 我有: 

            FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");

            if (Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("SkipServerCertificateValidation") == "true")
            {
                ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
            }

In Globasl.asax 在Globasl.asax中

I have: 我有: 

  <system.identityModel>
    <identityConfiguration>
      <certificateValidation certificateValidationMode="None"/>
    </identityConfiguration>
  </system.identityModel>

in Web.config. 在Web.config中。

My binding is: 我的绑定是: 

<behaviors>
  <serviceBehaviors>
    <behavior name="CustomeBehavior">
      <serviceAuthorization principalPermissionMode="Custom">
        <authorizationPolicies>
          <add policyType="Security.BusinessAuthorizationPolicy, Security" />
        </authorizationPolicies>
      </serviceAuthorization>
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
    <behavior name="SecurityOff">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<protocolMapping>
  <add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" />

<bindings>
  <basicHttpsBinding>
    <binding name="BasicHttpsBinding" sendTimeout="00:05:00" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
      <readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </basicHttpsBinding>
</bindings>

I can't see where there can be an issue. 我看不到哪里有问题。 Also I'm STILL able to call .svc methods without any problems from HomeController. 另外,我仍然能够调用.svc方法,而HomeController没有任何问题。

So, there is my question - What can it be and why this is happening after changes from http to https (or there are another reason)? 所以,我有一个问题-从http更改为https后,为什么会发生这种情况?为什么会发生这种情况(或者还有其他原因)?

Edit: Client set up: 编辑:客户端设置: 

public static ChannelFactory<IBusiness> CreateFactory()
        {
            var authorization = new Authorization()
            {
                Key = GlobalConfig.BusinessAuthorizationKey
            };
            AddressHeader header = AddressHeader.CreateAddressHeader(authorization);
            var address = new EndpointAddress(new Uri(ClientConfig.BusinessServiceEndpoint), header);
            var channel = new ChannelFactory<IBusiness>(address.ResolveBinding(), address);

            var bind = Helper.ResolveBinding(address);

            if (bind is BasicHttpBinding)
            {
                var bindings = bind as BasicHttpBinding;

                bindings.MaxBufferPoolSize = 2147483647;
                bindings.MaxBufferSize = 2147483647;
                bindings.MaxReceivedMessageSize = 2147483647;
                bindings.MessageEncoding = WSMessageEncoding.Text;
                bindings.ReaderQuotas.MaxArrayLength = 2147483647;
                bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
                bindings.ReaderQuotas.MaxDepth = 2147483647;
                bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
                bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
                bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

                channel.Endpoint.Binding = bindings;
            }
            else
            {
                var bindings = bind as BasicHttpsBinding;

                bindings.MaxBufferPoolSize = 2147483647;
                bindings.MaxBufferSize = 2147483647;
                bindings.MaxReceivedMessageSize = 2147483647;
                bindings.MessageEncoding = WSMessageEncoding.Text;
                bindings.ReaderQuotas.MaxArrayLength = 2147483647;
                bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
                bindings.ReaderQuotas.MaxDepth = 2147483647;
                bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
                bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
                bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

                channel.Endpoint.Binding = bindings;
            }

            return channel;
        }

2 个解决方案

解决方案1
 0  2014-07-22 08:39:19

I suppose You'll need to get valid certificate anyway. 我想您还是需要获得有效的证书。 In meantime you may try to create self-signed certificate using info from powershell 同时,您可以尝试使用Powershell中的信息创建自签名证书 

get-help about_signing

Also you'll need to add certificate to IIS 另外,您还需要向IIS添加证书

解决方案2
 -1 已采纳  2014-07-22 12:29:30

Managed to deal with it. 设法处理它。

I simply added 我只是添加了 

ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;

in factory creation. 在工厂创建中。 This thing has never refreshed after one call before, that's the reason I was getting this error, when everything seemed fine. 之前一个电话,这个东西从未刷新过,这就是当一切似乎都很好时我收到此错误的原因。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WCF:无法为具有权限的SSL / TLS安全通道建立信任关系 - WCF: Could not establish trust relationship for the SSL/TLS secure channel with authority 错误:无法通过授权为SSL / TLS安全通道建立信任关系 - Error: Could not establish trust relationship for the SSL/TLS secure channel with authority SSL WCF“无法与权限&#39;localhost&#39;建立SSL / TLS安全通道的信任关系 - SSL WCF "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost' C#客户端到SoapUI https模拟服务:无法为具有权限“ localhost:8083”的SSL / TLS安全通道建立信任关系 - C# client to SoapUI https mock service: Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:8083' asp.net core 2.0 中的 WCF - 无法为具有权限的 SSL/TLS 安全通道建立信任关系 - WCF in asp.net core 2.0 - Could not establish trust relationship for the SSL/TLS secure channel with authority .NET 4.6.2 中 SOAP 的“无法为具有授权的 SSL/TLS 安全通道建立信任关系” - “Could not establish trust relationship for the SSL/TLS secure channel with authority” for SOAP in .NET 4.6.2 为什么我的客户端无法通过授权建立SSL / TLS安全通道的信任关系? - Why my client could not establish trust relationship for the SSL/TLS secure channel with authority? 随机抛出“无法建立SSL / TLS安全通道的信任关系” - Randomly throwing “Could not establish trust relationship for the SSL/TLS secure channel” 无法建立SSL / TLS安全通道的信任关系 - Could not establish trust relationship for the SSL/TLS secure channel WebException无法为SSL / TLS安全通道建立信任关系 - WebException Could not establish trust relationship for the SSL/TLS secure channel
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM