这是我第一次使用证书认证。 商业合作伙伴公开两个服务,一个XML Web服务和HTTP服务。 我有一个.NET客户端来访问他们两个。
我曾尝试
0设置环境
我已经安装了SSLCACertificates(根和两个中间)和客户端证书在我的本地机器使用certmgr.exe(胜7专业)。
1.对于Web服务
- 我有客户证书(DER)。
- 该服务将通过.NET代理消耗。
下面的代码:
OrderWSService proxy = new OrderWSService();
string CertFile = "ClientCert_DER.cer";
proxy.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(CertFile));
orderTrackingTO ot = new orderTrackingTO() { order_id = "80", tracking_id = "82", status = stateOrderType.IN_PREPARATION };
resultResponseTO res = proxy.insertOrderTracking(ot);
异常报告最后声明: The request failed with an empty response 。
2.对于HTTP接口
- 它是一个HTTPS接口I必须通过POST方法来调用。
- 该HTTPS请求从.NET客户端使用的HttpWebRequest来发送。
下面的代码:
string PostData = "MyPostData";
//setting the request
HttpWebRequest req;
req = (HttpWebRequest)HttpWebRequest.Create(url);
req.UserAgent = "MyUserAgent";
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(CertFile, "MyPassword"));
//setting the request content
byte[] byteArray = Encoding.UTF8.GetBytes(PostData);
Stream dataStream = req.GetRequestStream();
dataStream.Write(byteArray, 0, byteArray.Length);
dataStream.Close();
//obtaining the response
WebResponse res = req.GetResponse();
r = new StreamReader(res.GetResponseStream());
异常报告最后声明: The request was aborted: Could not create SSL/TLS secure channel 。
3.最后一次尝试:使用浏览器
在Chrome中,将证书安装后,如果我尝试访问这两个URL我得到一个107错误:
Error 107 (net::ERR_SSL_PROTOCOL_ERROR)
我卡住了。
以下应该可以帮助您找出问题,这里有两个方法来测试SSL连接的一个测试网站,而另一种是回调方法,以确定为什么SSL失败。 如果不出意外,应该给你一个更好的主意,为什么它是失败的。
当方法被调用它会弹出选择证书对话框,很明显,当你这样做的真正的,你会想从证书存储自动读取。 我已经把这个中的原因是因为,如果没有找到有效证书,然后你就会知道你的问题是在安装证书的方式。
做的最好的事情就是把这个代码在一个简单的控制台应用程序:
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
using System.Net;
private static void CheckSite(string url, string method)
{
X509Certificate2 cert = null;
ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
X509Store store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection certcollection = (X509Certificate2Collection)store.Certificates;
// pick a certificate from the store
cert = X509Certificate2UI.SelectFromCollection(certcollection,
"Caption",
"Message", X509SelectionFlag.SingleSelection)[0];
store.Close();
HttpWebRequest ws = (HttpWebRequest)WebRequest.Create(url);
ws.Credentials = CredentialCache.DefaultCredentials;
ws.Method = method;
if (cert != null)
ws.ClientCertificates.Add(cert);
using (HttpWebResponse webResponse = (HttpWebResponse)ws.GetResponse())
{
using (Stream responseStream = webResponse.GetResponseStream())
{
using (StreamReader responseStreamReader = new StreamReader(responseStream, true))
{
string response = responseStreamReader.ReadToEnd();
Console.WriteLine(response);
responseStreamReader.Close();
}
responseStream.Close();
}
webResponse.Close();
}
}
/// <summary>
/// Certificate validation callback.
/// </summary>
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
{
// If the certificate is a valid, signed certificate, return true.
if (error == System.Net.Security.SslPolicyErrors.None)
{
return true;
}
Console.WriteLine("X509Certificate [{0}] Policy Error: '{1}'",
cert.Subject,
error.ToString());
return false;
}
文章来源: Accessing a web service and a HTTP interface using certificate authentication
