这就是WCF SSL安全通道出现故障的原因吗?
[英]Is this why a WCF SSL Secure Channel is faulting?
问题描述
I'm supporting a project where we recently needed to apply a series of upgrades to a newer version of the .Net Framework. 
我正在支持一个项目,在该项目中,我们最近需要对.Net Framework的较新版本进行一系列升级。 This has largely succeeded but for one final component that's been around for a very long time. 这在很大程度上取得了成功,但是对于已经存在了很长时间的最后一个组件而言。
Our client uses InfoPath templates to populate information for other users to consume. 我们的客户使用InfoPath模板来填充信息,以供其他用户使用。 Everything the templates need comes from a WCF web service we host. 模板所需的一切都来自我们托管的WCF Web服务。 We set the web service call up with the following code. 我们使用以下代码设置Web服务调用。
private WSHttpBinding CreateBinding()
{
var wsHttpBinding = new WSHttpBinding();
wsHttpBinding.CloseTimeout = TimeSpan.FromMinutes(10);
wsHttpBinding.OpenTimeout = TimeSpan.FromMinutes(10);
wsHttpBinding.ReceiveTimeout = TimeSpan.FromMinutes(10);
wsHttpBinding.SendTimeout = TimeSpan.FromMinutes(10);
wsHttpBinding.BypassProxyOnLocal = false;
wsHttpBinding.TransactionFlow = false;
wsHttpBinding.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
wsHttpBinding.MaxBufferPoolSize = 524288;
wsHttpBinding.MaxReceivedMessageSize = 2147483647;
wsHttpBinding.MessageEncoding = WSMessageEncoding.Text;
wsHttpBinding.TextEncoding = Encoding.UTF8;
wsHttpBinding.UseDefaultWebProxy = true;
wsHttpBinding.AllowCookies = false;
wsHttpBinding.ReaderQuotas.MaxDepth = 32;
wsHttpBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
wsHttpBinding.ReaderQuotas.MaxArrayLength = 16384;
wsHttpBinding.ReaderQuotas.MaxBytesPerRead = 4096;
wsHttpBinding.ReaderQuotas.MaxNameTableCharCount = 16384;
wsHttpBinding.ReliableSession.Ordered = true;
wsHttpBinding.ReliableSession.InactivityTimeout = TimeSpan.FromMinutes(10);
wsHttpBinding.ReliableSession.Enabled = false;
wsHttpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
wsHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
wsHttpBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
wsHttpBinding.Security.Transport.Realm = string.Empty;
wsHttpBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
wsHttpBinding.Security.Message.NegotiateServiceCredential = false;
wsHttpBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256;
return wsHttpBinding;
}
private EndpointAddress CreateEndPoint()
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 certificate = store.Certificates.Find(X509FindType.FindBySubjectName, "*.wildcard.address.foo", false)[0];
store.Close();
EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity(certificate);
string address = getWcfServiceUrl();
AddressHeader header = AddressHeader.CreateAddressHeader(address);
List<AddressHeader> headerList = new List<AddressHeader> { header };
Uri uri = new Uri(address);
var endpointAddress = new EndpointAddress(uri, identity, headerList.ToArray());
return endpointAddress;
}
}
This works fine and if we're testing it out, calls can be made successfully for all other intents and purposes. 这可以很好地工作,并且如果我们正在测试它,则可以出于其他所有目的和目的成功进行呼叫。 Except for one . 除了一个 。
In one case we need to get information from a 3rd party resource. 在一种情况下,我们需要从第三方资源中获取信息。 In that situation, our web service makes a separate call out to this 3rd party at an HTTPS address (passed in to the url parameter here: 在这种情况下,我们的Web服务将在HTTPS地址(此地址传递到url参数)中单独呼叫此第三方:
private string requestURL(string url)
{
string toReturn = null;
Stream stream = null;
try
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = httpMethod;
stream = ((HttpWebResponse)request.GetResponse()).GetResponseStream();
StreamReader reader = new StreamReader(stream);
toReturn = reader.ReadToEnd();
}
catch(Exception e)
{
throw new Exception("Error with that service please try again: " + e.Message, e);
}
finally
{
if(stream != null)
{
stream.Close();
}
}
return toReturn;
}
In this case, the following error is returned: 在这种情况下,将返回以下错误:
The request was aborted: Could not create SSL/TLS secure channel.
My suspicion is that we're setting up a very specific set of constraints around the SSL connection between our local client (ie InfoPath) and the web service but the call from that web service to the 3rd party is not set up with any constraints beyond simply calling over HTTPS. 我的怀疑是,我们围绕本地客户端(即InfoPath)和Web服务之间的SSL连接设置了一组非常具体的约束,但是从该Web服务到第三方的调用未设置任何约束只需通过HTTPS调用即可。
What should I be looking out for in trying to fix this issue? 在解决此问题时我应该注意什么?
1 个解决方案
解决方案1
1 已采纳 2017-11-10 02:13:02
WCF IMHO is particular about configuration at both ends and asks for things like transport credential specifically in the back and forth. WCF IMHO特别注重两端的配置,并在前后特别要求诸如传输凭据之类的东西。 I suspect you have no control of how the security is managed at the third party and can't change it, but your generic method to call all web services won't work because the configuration doesn't match. 我怀疑您无法控制在第三方如何管理安全性并且无法更改它,但是您的调用所有Web服务的通用方法将无法工作,因为配置不匹配。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.