![](/img/trans.png)
[英]HttpClient.GetAsync immediately throws TaskCanceledException
[英]httpClient.GetAsync throws exception; certificate configuration suspected
我有两个尝试通信的服务器( X和Y ),但是没有通过TLS1.2(TLS1.1和TLS1.0都正常运行)。
我有一台服务器X无法从localhost
获得响应。
抛出异常的调用是这行代码
HttpResponseMessage response = await httpClient.GetAsync(address, cancel);
地址为https://localhost/XXXXX/Identity/.well-known/jwks
,取消为IsCancellationRequested = false
我注意到为https://localhost/XXXXX/Identity/.well-known/jwks
提供的服务器证书是有效的,用RSA256签名,不在撤销列表等等,一切看起来不错, 但是subject是* .testing.corp ,它与我尝试导航到的URL不匹配。 当从服务器X上的Chrome导航到https://localhost/XXXXX/Identity/.well-known/jwks
时,这会导致出现证书警告,但在手动点击后我会得到我期望的结果。
所以我的想法是,如果我可以覆盖HttpClient.GetAsync的证书验证,我应该能够做到这一点,所以我在我的客户端添加以下代码:
var handler = new WebRequestHandler();
httpClient = new HttpClient(handler);
handler.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(dumbvalidationdeletemeishouldnotbeversioned);
public static bool dumbvalidationdeletemeishouldnotbeversioned(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors err)
{
return true;
}
有趣的是,这一点永远不会发生,当我GetAsync
代码GetAsync
,一个步骤抛出异常而不会遇到虚拟验证。
到底是怎么回事? 为什么这种方法会失败?
更多背景:
编辑:相关, X正在利用Identity Server尝试进行身份验证。 尝试访问https://localhost/XXXXX/Identity/.well-known/jwks
时出现故障https://localhost/XXXXX/Identity/.well-known/jwks
我正在使用IISCrypto配置这些计算机上的协议。 (在评论中考虑@ Oleg的建议并没有改变这种行为)。 我通过单击“最佳实践”按钮然后取消选中TLS1.0和TLS1.1来配置它们,以便两个服务器看起来像这样:
编辑:添加一些堆栈跟踪信息
在我添加虚拟处理程序之前,这是抛出异常的堆栈跟踪:
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at XXXXXXXX.Authentication.Extensions.XXXXXXOpenIDConnectAuthentication.<ReadJWTKeys>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at XXXXXXX.Authentication.Extensions.XXXXXXOpenIDConnectAuthentication.<MessageRecieved>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationHandler.<AuthenticateCoreAsync>d__1a.MoveNext()
添加虚拟处理程序后, 异常完全为空 < - 请参阅注释。 异常是完全相同的,但是当我调试进程时,我的虚拟处理程序中的return语句永远不会被命中,因此我的问题的关键点变为“还有什么可以检查?”
应该补充一点
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
(来自System.Net
命名空间)调用之前
await httpClient.GetAsync(address, cancel);
强制使用正确的协议。 请参阅博客,其中包含HttpClient
和ServicePointManager.SecurityProtocol
详细实验。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.