无法使用授权WCF C#WCF Rest Service为ssl / tls建立安全通道
[英]could not establish secure channel for ssl/tls with authority wcf C# wcf rest service
问题描述
I create a client application that get data from my rest wcf service as you can see : 
如您所见,我创建了一个客户端应用程序,该程序从我的其余wcf服务获取数据:
Uri reqUri = new Uri("https://localhost/paymentservice.svc/listpayment");
WebRequest req = WebRequest.Create(reqUri);
req.PreAuthenticate = true;
NetworkCredential credential = new NetworkCredential("test", "test123");
req.Credentials = credential;
WebResponse resp = req.GetResponse();
DataContractSerializer data = new DataContractSerializer(typeof(string));
var res = data.ReadObject(resp.GetResponseStream());
Console.WriteLine(res);
Console.ReadLine();
I create a certificate in iis as you can se : 我可以在iis中创建一个证书:
And upload my published file on it . 并在上面上传我发布的文件。 But when i call my client i get this error : 但是当我打电话给客户时,我得到了这个错误:
An unhandled exception of type 'System.Net.WebException' occurred in System.dll
Additional information: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel
Here is my service webconfig 这是我的服务webconfig
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
<httpModules>
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
</httpModules>
<authentication mode="None" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="Payment.Application.ServiceImplement.PaymentService" behaviorConfiguration="customBehaviour">
<endpoint address=""
binding="webHttpBinding"
contract="Payment.Domain.Service.IPaymentService"
behaviorConfiguration="web"/>
</service>
<service name="Payment.Infrustructure.RepositoryImplement.PaymentRepository" behaviorConfiguration="customBehaviour" >
<endpoint address=""
binding="webHttpBinding"
contract="Payment.Domain.Repository.IPaymentRepository"
behaviorConfiguration="web"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="customBehaviour">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="Payment.Service.UserAuthentication,Payment.Service"/>
</serviceCredentials>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Methods" value="GET, POST,PUT,DELETE" />
</customHeaders>
</httpProtocol>
<modules runAllManagedModulesForAllRequests="true">
<remove name="ApplicationInsightsWebTracking" />
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
</modules>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
<providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
</providers>
</entityFramework>
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=.;initial catalog=SymfaDB;user id= sa ;password=12345;" providerName="System.Data.SqlClient" />
<!--<add name="DefaultConnection" connectionString="Data Source=92.50.12.222,1433;initial catalog=ParkingDB;user id= sa ;password=123qweQWE@;" providerName="System.Data.SqlClient" />-->
</connectionStrings>
</configuration>
When irun the project in visual studio and call this url http://localhost:4428/PaymentService.svc/listpayment I get the data as you can see : 当我在Visual Studio中运行该项目并调用此URL http://localhost:4428/PaymentService.svc/listpayment我得到的数据如下所示:
But when i upload the publish file into iis and call this url https://localhost/PaymentService.svc/listpayment as you can see i get this error : 但是当我将发布文件上传到iis并调用此URL https://localhost/PaymentService.svc/listpayment ,您可以看到我收到此错误:
As you can see when i call this https://localhost/PaymentService.svc my service is available . 如您所见,当我调用此https://localhost/PaymentService.svc我的服务可用。
2 个解决方案
解决方案1
0 2017-06-15 10:57:33
You need to install the certificate as trusted source. 您需要将证书安装为可信源。
- Open a command prompt with admin rights, type "mmc" and press enter which will open Microsoft Management Console. 打开具有管理员权限的命令提示符,键入“ mmc”,然后按Enter键将打开Microsoft管理控制台。
- From Menu go to File > Add/Remove Snap-In, select Certificates and Click Add 从菜单转到文件>添加/删除管理单元,选择证书,然后单击添加。
- Select Computer Account and click Next, select Local Computer and click Finish. 选择计算机帐户,然后单击下一步,选择本地计算机,然后单击完成。
- Go to Certificates (Local Computer) > Personal > Certificates 转到证书(本地计算机)>个人>证书
- From the Menu go to Action > All Tasks > Import 从菜单转到操作>所有任务>导入
- Click Next in the Certificate Import Wizard, Provide the path to the certificate file, enter the password if any then click Next, Next and Finish. 在“证书导入向导”中单击“下一步”,提供证书文件的路径,输入密码(如果有),然后单击“下一步”,“下一步”和“完成”。
- Now you will be back to Microsoft Management Console, click on Trusted Root Certification Authorities, select Certificates, Action > All Tasks > Import and follow the step 6. 现在,您将回到Microsoft管理控制台,单击“受信任的根证书颁发机构”,依次选择“证书”,“操作”>“所有任务”>“导入”,然后执行步骤6。
Also the hostname used in the URL should match the name that's on certificate. URL中使用的主机名也应与证书上的名称匹配。 Make sure the URL you're using and the URL on the 'Issued to' field of the certificate are the same. 确保您使用的URL与证书的“颁发给”字段中的URL相同。
解决方案2
0 已采纳 2017-06-16 08:55:08
To get rid of this error use the machine name exactly same as your certificate section “Issued to” says. 要消除此错误,请使用与证书部分“颁发给”完全相同的计算机名称。 For example, if you open your certificate then you'll see issued to property and which should be your Machine name. 例如,如果您打开证书,则将看到“颁发给”属性,该属性应该是您的计算机名称。 If your machine is part of a domain then machine name would be like .. etc, so if you open it in your browser will fully qualified name of your machine then you won't be getting that error. 如果您的计算机是域的一部分,则计算机名称将类似于..等,因此,如果在浏览器中打开它,将获得完全限定的计算机名称,则不会出现该错误。 So i just call my service by domain like https://union-pc58.union.com/Service1.svc 所以我只是按https://union-pc58.union.com/Service1.svc类的域来调用我的服务
Just follow this link 只需点击此链接
http://www.c-sharpcorner.com/UploadFile/vendettamit/create-secure-wcf-rest-api-with-custom-basic-authentication/ http://www.c-sharpcorner.com/UploadFile/vendettamit/create-secure-wcf-rest-api-with-custom-basic-authentication/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.