[英]Could not create SSL/TLS secure channel - works as exe but not in asp.net mvc
I have a problem with connectiong to an api over https. 通过https连接api时遇到问题。 I wrote a little console application:
我写了一个小控制台应用程序:
var handler = new WebRequestHandler();
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
foreach (X509Certificate2 mCert in store.Certificates)
{
// add my locale certificate
if (mCert.FriendlyName == "some_identifier_name")
handler.ClientCertificates.Add(mCert);
}
var httpClient = new HttpClient(handler);
var response= httpClient.GetAsync("https://url-to-my.com/api/something").Result;
var result = response.Content.ReadAsStringAsync().Result;
Console.WriteLine(result);
This little script works fine, I get a statuscode 200 and also the json data from the api. 这个小脚本工作正常,我得到一个状态代码200和来自api的json数据。 As you can see I have a certificate installed on my local machine, which I add in the code.
正如您所看到的,我在本地计算机上安装了证书,我在代码中添加了证书。
I tried the same script on my webserver and everything works fine there too! 我在我的网络服务器上尝试了相同的脚本,一切都运行正常! But if I run the script in my mvc application I still get the message "The request was aborted: Could not create SSL/TLS secure channel".
但是,如果我在我的mvc应用程序中运行该脚本,我仍然会收到消息“请求已中止:无法创建SSL / TLS安全通道”。
Where is the difference with the same code if I run it as an exe or as a mvc website? 如果我将它作为exe或mvc网站运行,那么相同代码的区别在哪里?
PS: This code is not the answer to my question, I already tried it: PS:这段代码不是我的问题的答案,我已经尝试过了:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Solution: IIS > Applications Pools > Chose your Apppool > Advanced Settings > Identity > Change to LocalSystem 解决方案:IIS>应用程序池>选择您的Apppool>高级设置>身份>更改为LocalSystem
Seems like you have to give your application pool enough rights to read the certificate from your local machine. 似乎您必须为应用程序池提供足够的权限来从本地计算机读取证书。
After spending 2 to 3 days for above issue, found following solution and you don't want to change "Identity" to "LocalSystem" (In Apppool Advance setting), 在上述问题花了2到3天后,找到以下解决方案并且您不想将“身份”更改为“LocalSystem”(在Apppool Advance设置中),
Reference : http://lukieb.blogspot.com/2015/04/the-request-was-aborted-could-not.html 参考: http : //lukieb.blogspot.com/2015/04/the-request-was-aborted-could-not.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.