
Security Error, post with Client Certificate (Self-signed Root) on Azure (Asp.net core)

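I have uploaded a client certificate to Azure and I am trying to use this certificate to post information in an API method. My code works when I debug on my local computer, but it fails when I run it as an app service on Azure.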

System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at System.Net.Http.WinHttpHandler.<StartRequest>d__105.MoveNext()
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at System.Net.Http.HttpClient.d__58.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Bandytabeller.Controllers.swishController.d__3.MoveNext() in D:\\ASP-hemsidor\\NetCoreApplications\\Bandytabeller\\Bandytabeller\\Api\\swishController.cs:line 102

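        // Namespaces used: System.Collections.Generic, System.Net, System.Net.Http, System.Security.Authentication,
        // System.Security.Cryptography.X509Certificates, System.Text, System.Threading.Tasks,
        // Microsoft.AspNetCore.Mvc, Newtonsoft.Json
        [HttpGet("{id}")]
        public async Task<IActionResult> pay(string id = "", string amount = "")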
        {
            // Get the user agent
            string userAgent = Request.Headers["User-Agent"].ToString();

            // Create the payment request
            SwishPaymentRequest post = new SwishPaymentRequest();
            post.payeePaymentReference = id.ToString();
            post.callbackUrl = "https://www.quiz-walk.se/";
            post.payeeAlias = "1231181189";
            post.amount = amount;
            post.currency = "SEK";
            post.message = "Faktura " + id.ToString();

            // Create the http content
            HttpContent data = new StringContent(JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json");

            // Create variables
            X509Store certStore = null;
            HttpClientHandler handler = null;
            HttpClient client = null;
            string token = "";

            try
            {
                // Create a request handler
                handler = new HttpClientHandler();
                handler.ClientCertificateOptions = ClientCertificateOption.Manual;
                handler.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
                handler.AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;

                // Open certificate from certificate store
                certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                certStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
                X509Certificate2Collection certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, "800CDE7BC219D53812FC164DFF0FE73DF8A8D7B6", false);

                if (certCollection.Count > 0)
                {
                    handler.ClientCertificates.Add(certCollection[0]);
                }

                // Disable ssl validation
                handler.ServerCertificateCustomValidationCallback += (message, xcert, chain, errors) => true;

                //handler.ClientCertificates.Add(cert);

                // Create the http client
                client = new HttpClient(handler, false);

                // Post the payment request
                //Task task = Task.Run(() => client.PostAsync("https://mss.swicpc.bankgirot.se/swish-cpcapi/api/v1/paymentrequests/", data));

                HttpResponseMessage task = await client.PostAsync("https://mss.swicpc.bankgirot.se/swish-cpcapi/api/v1/paymentrequests/", data);
                // Wait for the task to finish
                //task.Wait();

                // Make sure that the response is successful
                if (task.StatusCode == System.Net.HttpStatusCode.Created)
                {
                    // Get all header values
                    IEnumerable<string> headers = task.Headers.GetValues("PaymentRequestToken");

                    // Get the token
                    foreach (string value in headers)
                    {
                        token += value;
                    }
                }
            }
            catch (Exception ex)
            {
                token += ex.ToString();
                logger.LogWarning(ex.ToString());
            }
            finally
            {
                // Dispose of the handler and the client
                if(certStore != null)
                {
                    certStore.Dispose();
                }
                if (handler != null)
                {
                    handler.Dispose();
                }
                if (client != null)
                {
                    client.Dispose();
                }
            }

            // Create the url
            string url = "http://www.bokforingstips.se";
            if (userAgent.Contains("Windows Phone") == true)
            {
                url = "swish://paymentrequest?token=" + token;
            }
            else if (userAgent.Contains("iPhone") == true || userAgent.Contains("iPad") == true)
            {
                url = "swish://paymentrequest?token=" + token;
            }
            else if (userAgent.Contains("Android") == true)
            {
                url = "intent://paymentrequest?token=" + token + "/#Intent;scheme=swish;package=se.bankgirot.swish;end;";
            }
            else
            {
                return Content(handler.ClientCertificates[0].Issuer + " " + token);
            }

            // Redirect the user to url
            return Redirect(url);

        } // End of the pay method

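I am testing the Swish API and I use ServerCertificateCustomValidationCallback for validation. It works on my local computer but not on Azure. The certificate is loaded, and the error occurs on the PostAsync call.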

Asp.Net Core 1.1.1

Tested with .Net Framework 4.6.2 on Azure. It does not work. I have enabled system.net tracing.

`System.Net Information: 0 : [12712] SecureChannel#3644764 - Certificate is of type X509Certificate2 and contains the private key.
    System.Net Information: 0 : [12712] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
    System.Net Information: 0 : [12712] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 6801dc65d0:db724b14d0, targetName = mss.swicpc.bankgirot.se, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [12712] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=1638, returned code=ContinueNeeded).
    System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::BeginSend()
    System.Net.Sockets Verbose: 0 : [23872] Data from Socket#66404974::PostCompletion
    System.Net.Sockets Verbose: 0 : [23872] (printing 1024 out of 1638)
    System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::BeginSend()    -> OverlappedAsyncResult#29753716
    System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::BeginReceive()
    System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
    System.Net.Sockets Verbose: 0 : [12712] 00000000 : 15 03 03 00 02                                  : .....
    System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#64760428)
    System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::EndReceive()   -> Int32#5
    System.Net.Sockets Verbose: 0 : [23872] Exiting Socket#66404974::BeginReceive()     -> OverlappedAsyncResult#64760428
    System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::BeginReceive()
    System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
    System.Net.Sockets Verbose: 0 : [12712] 00000000 : 02 28                                           : .(
    System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#27335310)
    System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::EndReceive()   -> Int32#2
    System.Net.Sockets Verbose: 0 : [23872] Exiting Socket#66404974::BeginReceive()     -> OverlappedAsyncResult#27335310
    System.Net Information: 0 : [23872] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 6801dc65d0:db724b14d0, targetName = mss.swicpc.bankgirot.se, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [23872] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
    System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::Dispose()
    System.Net Error: 0 : [23872] Exception in HttpWebRequest#15120020:: - The request was aborted: Could not create SSL/TLS secure channel..
    System.Net Verbose: 0 : [23872] HttpWebRequest#15120020::EndGetRequestStream()
    System.Net Error: 0 : [23872] Exception in HttpWebRequest#15120020::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..`

ServerCertificateCustomValidationCallback is never called; I guess Azure does not allow this callback. The root certificate must be trusted.
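
The receive side of the trace above contains a plaintext TLS alert record, which is what precedes the `IllegalMessage` result. As an added example (not part of the original question), this Python code extracts the hex rows from a System.Net trace excerpt and decodes any unencrypted alert; the sample rows are copied from the trace, and all function names are this example's own.

```python
import re

# Rows copied from the receive side of the trace in the question.
SAMPLE_TRACE = """\
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 15 03 03 00 02                                  : .....
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#64760428)
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 02 28                                           : .(
"""

# A dump row is "<8-hex offset> : <bytes separated by space or '-'> : <ascii>".
HEX_ROW = re.compile(r"\]\s+[0-9A-F]{8} : ((?:[0-9A-F]{2}[ -])+)")
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {  # RFC 5246 section 7.2, subset relevant to certificate failures
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 70: "protocol_version",
}

def trace_bytes(trace):
    """Concatenate the bytes of every hex-dump row in a trace excerpt."""
    out = bytearray()
    for line in trace.splitlines():
        m = HEX_ROW.search(line)
        if m:
            out += bytes.fromhex(m.group(1).replace("-", " "))
    return bytes(out)

def tls_records(buf):
    """Yield (content_type, payload) for each complete TLS record in buf."""
    pos = 0
    while pos + 5 <= len(buf):
        length = int.from_bytes(buf[pos + 3:pos + 5], "big")
        payload = buf[pos + 5:pos + 5 + length]
        if len(payload) < length:  # dump truncated ("printing 1024 out of N")
            return
        yield buf[pos], payload
        pos += 5 + length

def plaintext_alerts(trace):
    """Return (level, description) for each unencrypted alert record (0x15)."""
    found = []
    for ctype, payload in tls_records(trace_bytes(trace)):
        if ctype == 0x15 and len(payload) == 2:  # encrypted alerts are longer
            level, desc = payload
            found.append((ALERT_LEVEL.get(level, f"level_{level}"),
                          ALERT_DESC.get(desc, f"alert_{desc}")))
    return found
```

Pass it only rows logged for received data; rows dumped after `BeginSend` carry the client's own handshake bytes.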
