Azure Web应用程序服务使用混合连接管理器使用HttpClient调用本地WEB API

Question

We have onpremise web service (asp.net core mvc) deployed on local network machine. We are trying to call these WEB API using App Service deployed on Azure. But it is giving time out error or Task was cancelled error in case when we try to connect it using "HTTP" Protocol. In case of "HTTPS" it is giving " security error occurred error ".

We have created Hybrid connection on Azure App Service to connect to onpremise web api service which shows online for both 80 and 443 port. We have setup Hybrid Connection Manager on local network machine too.

Below is the code snippet for calling code which is deployed on Azure App Service (eg https://xyz.azurewebsite.com )

 try
 {
    var httpClient = new HttpClient();
    httpClient.Timeout = TimeSpan.FromMinutes(60);
    httpClient.BaseAddress = new Uri("https://onpremise");
    httpClient.DefaultRequestHeaders.Accept.Clear();
    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
    ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
    //Simple Get Request to test on-premise service
    var response = await httpClient.GetStringAsync("api/OnPremiseData/GetData");
    ViewBag.ResponseText = response;
 }

Above code works fine in case I debug application from localhost. So there is no issue with code I assume.

Below is web api code snippet:

[Route("api/[controller]/[action]")]
public class OnPremiseDataController : Controller
{        
  [HttpGet]
  public string GetData()
  {
    return "Success";
  }
}

and below is startup.cs file

public void ConfigureServices(IServiceCollection services)
{
  services.AddCors();
  services.AddMvc();            
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
  app.UseCors(options => options.WithOrigins("https://xyz.azurewebsite.com", "https://localhost:44310").AllowAnyMethod().AllowAnyHeader());
  if (env.IsDevelopment())
  {
    app.UseDeveloperExceptionPage();
  }            
  app.UseMvc();                
}

Answer 1

我们有类似的情况（本地WebApp和SQL），诀窍是在本地计算机上的Hybrid Connection Manager中使用端点的完全限定域名。

Answer 2

Below is the solution for above question. Basically I have solved 2 problem.

First is using FQDN (fully qualified domain name) I am able to connect to on-premise services. Please make sure you are using FQDN while configuring endpoint in Hybrid connection on Azure.

Second, using below line of code I am able to make secure HTTPS request ot on-premise server:

    HttpMessageHandler handler = new HttpClientHandler
    {
         SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls,
         ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => true
    };

Below is complete solution of above problem :

    HttpMessageHandler handler = new HttpClientHandler
                    {
                        SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls,
                        ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => true
                    };
var httpClient = new HttpClient(handler);
    httpClient.Timeout = TimeSpan.FromMinutes(60);
        httpClient.BaseAddress = new Uri("https://onpremise");
        httpClient.DefaultRequestHeaders.Accept.Clear();
        httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        //Simple Get Request to test on-premise service
        var response = await httpClient.GetStringAsync("api/OnPremiseData/GetData");
        ViewBag.ResponseText = response;