无法为具有权限的SSL/TLS安全通道建立信任关系'localhost'奇怪的问题
本文关键字:关系 信任 问题 建立 localhost 安全 权限 SSL TLS 通道 | 更新日期: 2023-09-27 18:14:10
我又遇到了一个奇怪的问题。
在我将wcf从http重新聚焦到https之后,当我尝试调用。svc方法而不是从UI时,我开始得到这个异常"无法为权限'localhost'的SSL/TLS安全通道建立信任关系"。同样在InnerException中,我得到了这个:"根据验证程序,远程证书无效"。
我:
FunctionalApplicationBlock.InitializeWithShielding("BusinessServices Application");
if (Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("SkipServerCertificateValidation") == "true")
{
ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
}
:
<system.identityModel>
<identityConfiguration>
<certificateValidation certificateValidationMode="None"/>
</identityConfiguration>
</system.identityModel>
。
我的绑定是:
<behaviors>
<serviceBehaviors>
<behavior name="CustomeBehavior">
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="Security.BusinessAuthorizationPolicy, Security" />
</authorizationPolicies>
</serviceAuthorization>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="SecurityOff">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" />
<bindings>
<basicHttpsBinding>
<binding name="BasicHttpsBinding" sendTimeout="00:05:00" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpsBinding>
</bindings>
我看不出有什么问题。此外,我仍然能够调用。svc方法没有任何问题从HomeController。
所以,有我的问题-它可以是什么,为什么这是从http到https的变化后发生(或有另一个原因)?
编辑:客户端设置:
public static ChannelFactory<IBusiness> CreateFactory()
{
var authorization = new Authorization()
{
Key = GlobalConfig.BusinessAuthorizationKey
};
AddressHeader header = AddressHeader.CreateAddressHeader(authorization);
var address = new EndpointAddress(new Uri(ClientConfig.BusinessServiceEndpoint), header);
var channel = new ChannelFactory<IBusiness>(address.ResolveBinding(), address);
var bind = Helper.ResolveBinding(address);
if (bind is BasicHttpBinding)
{
var bindings = bind as BasicHttpBinding;
bindings.MaxBufferPoolSize = 2147483647;
bindings.MaxBufferSize = 2147483647;
bindings.MaxReceivedMessageSize = 2147483647;
bindings.MessageEncoding = WSMessageEncoding.Text;
bindings.ReaderQuotas.MaxArrayLength = 2147483647;
bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
bindings.ReaderQuotas.MaxDepth = 2147483647;
bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
channel.Endpoint.Binding = bindings;
}
else
{
var bindings = bind as BasicHttpsBinding;
bindings.MaxBufferPoolSize = 2147483647;
bindings.MaxBufferSize = 2147483647;
bindings.MaxReceivedMessageSize = 2147483647;
bindings.MessageEncoding = WSMessageEncoding.Text;
bindings.ReaderQuotas.MaxArrayLength = 2147483647;
bindings.ReaderQuotas.MaxBytesPerRead = 2147483647;
bindings.ReaderQuotas.MaxDepth = 2147483647;
bindings.ReaderQuotas.MaxNameTableCharCount = 2147483647;
bindings.ReaderQuotas.MaxStringContentLength = 2147483647;
bindings.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
channel.Endpoint.Binding = bindings;
}
return channel;
}
我想无论如何您都需要获得有效的证书。同时,您可以尝试使用powershell
中的信息创建自签名证书。get-help about_signing
您还需要向IIS添加证书
已经处理好了
我只是添加了
ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
在工厂创建。这个东西在一次调用后从未刷新过,这就是我得到这个错误的原因,当一切看起来都很好