当Fiddler On时WCF调用工作,否则在调试时给出400 Bad Request
[英]WCF call working when Fiddler On, else gives 400 Bad Request while debugging
问题描述
Not Solved - still looking for a solution. 
没解决 - 仍在寻找解决方案。
I am making a WCF call passing in a SAML Token: 我正在通过SAML令牌传入WCF调用:
Using SAML token with Web Service (wsdl) 将SAML令牌与Web服务一起使用(wsdl)
private static string serviceEndpoint = "https service endpoint";
public static void CallProviderService(SecurityToken token)
{
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var channelFactory = new ChannelFactory<ISomeProviderService>(binding, new EndpointAddress(new Uri(serviceEndpoint)));
string thumb = "mycertthumbprint";
channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, thumb);
channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
channelFactory.ConfigureChannelFactory();
channelFactory.Credentials.SupportInteractive = false;
var elements = service.Endpoint.Binding.CreateBindingElements();
elements.Find<SecurityBindingElement>().EnableUnsecuredResponse = true;
service.Endpoint.Binding = new CustomBinding(elements);
var channel = channelFactory.CreateChannelWithIssuedToken<ISomeProviderService>(token);
try
{
var response = channel.MyServiceMethod(somedataobject);
}
catch (Exception ex)
{
//log message
}
}
When I had fiddler running the call worked find and returned me data. 当我有小提琴手跑步时,工作找到并返回给我数据。
With fiddler off, I get 400 Bad Request error in my catch block. 关闭fiddler,我的catch块中出现400 Bad Request错误。
My doubt is the certificate isn't being passed when Fiddler is off. 我怀疑当Fiddler关闭时,证书没有通过。
Any idea? 任何的想法?
Note: I have a .wsdl which I used to create proxy classes using Visual Studio ->Add Service Reference. 注意:我有一个.wsdl,我用它来使用Visual Studio创建代理类 - >添加服务引用。
Question: How can I check if my installed certificate is used while making this https service call? 问题:如何在进行此https服务呼叫时检查是否使用了已安装的证书?
Updated: Here are the Req/Response from Fiddler: 更新:以下是来自Fiddler的Req / Response:
Tunnel Request: 隧道要求:
Tunnel Response: 隧道响应:
Protocol Exception details: 协议异常详细信息:
From Client after Server Certificate Request: 服务器证书请求后从客户端:
Update 12/8/2014: I think I have got one time success using the binding in this link: WCF custom binding that will support HTTPS, a signed certificate and a signed username token 2014年12月8日更新:我认为我在此链接中使用绑定有一次成功: 支持HTTPS的WCF自定义绑定,签名证书和签名用户名令牌
I will update more as I don't know what that is doing much. 我会更新更新,因为我不知道这是做了多少。
3 个解决方案
解决方案1
5 2014-12-02 01:27:29
Due to very abundance of scenarios (and questions) like these, Eric Lawrence has written a blog post - Help! 由于这些场景(和问题)非常丰富,Eric Lawrence撰写了一篇博客文章 - 帮助! Running Fiddler Fixes My App??? 运行提琴手修复我的应用程序??? , just for this. ,就是为了这个。
Following section from the post, seems relevant to your problem - 从帖子的以下部分看来,与您的问题相关 -
HTTPS Issues HTTPS问题
Some users find that HTTPS traffic only works when Fiddler is running and decrypting secure traffic. 一些用户发现HTTPS流量仅在Fiddler运行和解密安全流量时有效。
Certificate Errors 证书错误
By default, Fiddler warns you about invalid certificates when connecting to HTTPS sites: 默认情况下,Fiddler会在连接到HTTPS站点时向您发出有关无效证书的警告:
See image in original post 查看原始帖子中的图片
If you elect to ignore this warning, Fiddler will effectively “hide” the certificate error from the client application, such that it only sees the certificate Fiddler generated for HTTPS interception. 如果您选择忽略此警告,Fiddler将从客户端应用程序中有效地“隐藏”证书错误,这样它只会看到为HTTPS拦截生成的证书Fiddler。
Most browsers show a meaningful error message if they encounter an invalid certificate: 大多数浏览器遇到无效证书时会显示有意义的错误消息:
See image in original post 查看原始帖子中的图片
…but many applications will fail silently or with a confusing error message. ...但许多应用程序将无提示失败或出现令人困惑的错误消息。 Even within the browser, sometimes no error message is shown (eg when using XmlHttpRequest). 即使在浏览器中,有时也不会显示错误消息(例如,在使用XmlHttpRequest时)。
The fix here is simple: Correct or replace the server's certificate. 这里的修复很简单:更正或替换服务器的证书。
解决方案2
2 2014-11-30 12:53:42
Checking the cert. 检查证书。
There are potentially two client certificates. 可能有两个客户端证书。 The one used on the TLS session and the one used in the SAML Token/SOAP message. 在TLS会话中使用的那个和在SAML令牌/ SOAP消息中使用的那个。 Typically they are the same cert. 通常它们是相同的证书。 But added by different parts of the code. 但是由代码的不同部分添加。
Fiddler only knows about the TLS cert. Fiddler只知道TLS证书。 If you had to add the TLS client cert to fiddler, then it could be this indeed. 如果你必须将TLS客户端证书添加到fiddler,那么它确实可能就是这样。 Test is simple, remove it from the Fiddler directory. 测试很简单,将其从Fiddler目录中删除。 If it stops working...... 如果它停止工作......
If you want to see the TLS client cert then you could make a trace with your favorite Network trace tool (NetMon, MessageAnalyser, WireShark, whatever). 如果您想查看TLS客户端证书,那么您可以使用自己喜欢的网络跟踪工具(NetMon,MessageAnalyser,WireShark等)进行跟踪。 Put it on the outgoing network adapter and take a look at the difference in the TLS messages. 将它放在传出网络适配器上,看一下TLS消息的区别。 You probably have to give the private key to the trace tool. 您可能必须将私钥提供给跟踪工具。 Because the client certificate is exchanged when it is already encrypted..... 因为客户端证书在加密时会被交换.....
Another option is to use the Schannel built in trace, but I haven't had time to figure out how that one works, because the network trace was always possible in my test environments. 另一个选择是使用Schannel内置跟踪,但我没有时间弄清楚它是如何工作的,因为在我的测试环境中总是可以进行网络跟踪。
解决方案3
1 2014-12-05 08:04:49
Can you switch certificate validation mode from below options and try - 您可以从以下选项切换证书验证模式并尝试 -
- ChainTrust ChainTrust
- None 没有
- PeerOrChainTrust PeerOrChainTrust
- PeerTrust PeerTrust
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.