Understanding SSL connections with .NET's Http

2019-04-12 15:39发布

问题:

I can't seem to get my head around this one. I'm using HttpWebRequest to try and send some data out to another site. I'm attempting to figure out the best way to get our firewalls configured, but I'm at a loss. By watching the NetMon trace, it appears as though it's ignoring what I tell it; the HTTP headers I see go out from the request (not the browser-to-my-server request, but the my-server-to-remote-server request) don't add up.

Http: Request, CONNECT some.random.url:443
Command: CONNECT
URI: some.random.url:443
    Location: some.random.url:443
ProtocolVersion: HTTP/1.1
Host: some.random.url
ProxyConnection: Keep-Alive
HeaderEnd: CRLF

The TCP DstPort also seems to always start with HTTP(80). I can't seem to get it to handle 443 initially, no matter what; does SSL start out with a port 80 negotiate before it begins "real" transmission? To boot, this request seems to ignore any HttpWebRequest settings I try to set before initiating the request: even if I set HTTP 1.0, or keep-alive to false, it still starts off with the above headers.

What's it doing? I'd like to know how to let it through, but I'm not sure why it's exhibiting that behavior?

Code below, if it helps.

Uri newUri = new Uri("https://some.random.url:443/random");
System.Net.HttpWebRequest wr = (HttpWebRequest)WebRequest.Create(newUri);
wr.Method = "POST";
wr.ContentType = "application/x-www-form-urlencoded";
ASCIIEncoding encoding = new ASCIIEncoding();
byte[] requestBytes = encoding.GetBytes("test");
wr.ContentLength = requestBytes.Length;
System.IO.Stream stream = wr.GetRequestStream(); //FAILS HERE, ServerProtocolViolation

I've scoured over Google and other SSL/HttpWebRequest problems, but can't come up with a silver bullet.

回答1:

Your problem appears to be the proxy server between your ASP.NET server and the remote server. You can try not using the proxy server (wr.Proxy = null), but that may be required for your network setup.

I'd recommend talking to whoever is responsible for the network where your server is and seeing if the proxy supports SSL pass-through (via the CONNECT command .NET is sending on your behalf).



回答2:

I've done HttpWebRequest calls over SSL and have never run into this problem. The only thing I can see that you do that I've never done is including the the port number (443) in the URL.

.NET should handle the creation of the SSL connection without being told what port to use when you use the https protocol. If you haven't already, try without the port number. If you have, then I'm out of ideas ;)



回答3:

try this and let me know how you find it!

htw.Credentials = new NetworkCredentials(username, password)