以编程方式创建的 Web 服务在客户端服务调用时失败
Programmatically created web service fails on client service call
我创建了一个控制台应用程序项目来以编程方式托管 Web 服务,但是当我尝试为我的 Web 服务创建客户端代理并在其上调用方法时,出现以下错误:
An error occurred while making the HTTP request to
https://localhost:8000/FileRetrievalPoC. This could be due to the fact
that the server certificate is not configured properly with HTTP.SYS
in the HTTPS case. This could also be caused by a mismatch of the
security binding between the client and the server.
其内部异常:
The underlying connection was closed: An unexpected error occurred on
a send.
其内部异常:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host.
其内部异常:
An existing connection was forcibly closed by the remote host
Program.cs:
class Program
{
static void Main(string[] args)
{
var address = "https://localhost:8000/FileRetrievalPoC";
Console.WriteLine("Starting a service at {0}...", address);
FileRetrievalService.Start(address, StoreLocation.LocalMachine, StoreName.My, "localhost");
Console.WriteLine("Service started.");
Console.WriteLine("Press Enter to create a new proxy client and call the Get method.");
Console.WriteLine("Press Escape to end the application.");
while (true)
{
var key = Console.ReadKey();
if (key.Key == ConsoleKey.Enter)
{
var proxy = FileRetrievalService.Connect(address, "localhost", "exampleUsername", "examplePassword", StoreLocation.LocalMachine, StoreName.My, "localhost");
proxy.Get(@"C:\Users\User\Desktop\Document.txt");
((IClientChannel)proxy).Close();
}
else if (key.Key == ConsoleKey.Escape)
break;
}
FileRetrievalService.Stop();
}
}
IFileRetrieval.cs:
[ServiceContract]
public interface IFileRetrieval
{
[OperationContract]
string Get(string path);
[OperationContract]
void Set(string path, string contents);
}
FileRetrievalService.cs:
class FileRetrievalService : IFileRetrieval
{
private static BasicHttpsBinding _binding = new BasicHttpsBinding()
{
Name = "FileRetrievalPoC",
HostNameComparisonMode = HostNameComparisonMode.Exact,
Security = new BasicHttpsSecurity()
{
Message = new BasicHttpMessageSecurity()
{
AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256Rsa15,
ClientCredentialType = BasicHttpMessageCredentialType.UserName
},
Mode = BasicHttpsSecurityMode.TransportWithMessageCredential,
Transport = new HttpTransportSecurity()
{
ClientCredentialType = HttpClientCredentialType.Windows
}
},
SendTimeout = TimeSpan.FromMinutes(1),
CloseTimeout = TimeSpan.FromMinutes(1),
OpenTimeout = TimeSpan.FromMinutes(1),
ReceiveTimeout = TimeSpan.FromMinutes(1)
};
private static ChannelFactory<IFileRetrieval> _channelFactory;
private static ServiceHost _host;
public static void Start(string address, StoreLocation location, StoreName name, string subject)
{
_host = new ServiceHost(typeof(FileRetrievalService));
_host.Credentials.ServiceCertificate.SetCertificate(location, name, X509FindType.FindBySubjectName, subject);
_host.AddServiceEndpoint(typeof(IFileRetrieval), _binding, address);
_host.Open();
}
public static void Stop()
{
if (_host != null)
_host.Close();
if (_channelFactory != null)
_channelFactory.Close();
}
public static IFileRetrieval Connect(string address, string domain, string username, string password, StoreLocation location, StoreName name, string subject)
{
if (_channelFactory == null)
_channelFactory = new ChannelFactory<IFileRetrieval>(_binding, address);
_channelFactory.Credentials.ClientCertificate.SetCertificate(location, name, X509FindType.FindBySubjectName, subject);
_channelFactory.Credentials.UserName.UserName = username;
_channelFactory.Credentials.UserName.Password = password;
_channelFactory.Credentials.Windows.ClientCredential = new NetworkCredential(username, password, domain);
return _channelFactory.CreateChannel();
}
public string Get(string path)
{
throw new NotImplementedException();
}
public void Set(string path, string contents)
{
throw new NotImplementedException();
}
}
这一切都是以编程方式完成的,我查看了 Stack Overflow 但找不到发生这种情况的充分理由。有谁知道问题出在哪里?您可以将此源代码添加到一个新的控制台应用程序中,然后 运行 它在您的本地计算机上进行尝试,并亲眼见证它的发生。它是SSL证书吗?如果是这样,我怎样才能因为这里的错误原因而变得更加冗长?这不是一个很有帮助的例外。
编辑:我想我可能在这里漏掉了一步,such as using netsh to bind a certificate to my machine's port。
我的问题是 I did not use netsh to bind the certificate to my machine's port。打开管理命令提示符并调用:
netsh http add sslcert ipport=0.0.0.0:8000 appid=<A randomly generated GUID for your application> certhash=<Your localhost certificate's thumbprint from the default MY store, which is under Local Machine -> Personal, which you can get from the MMC Certificates snap-in>
下一步是确保它在客户端受信任的人之下。至少,对我来说是这样,因为我使用的是我为 localhost 测试目的生成的自签名证书。因此,例如,如果您从 Comodo 或 Verisign 或其他一些 CA 获得证书,您的证书可能根本不需要这个,因为根 CA 将被信任,通常默认情况下 Windows,因为根 CA public 这些证书开箱即用,位于证书 MMC 管理单元的受信任的根证书颁发机构部分。
然后,您需要做的就是确保您的计算机凭据正确无误。我正在使用 Windows 身份验证,因此它会尝试断言我的凭据有效(这些在我调用 Connect 方法的代码中指定)。
随着年龄的增长,我发现我越来越倾向于自己回答问题...
编辑:您只需使用 Trusted People 商店即可完成所有这些操作。如果你确实想这样做,那么在我上面的代码中使用 StoreName.TrustedPeople,在你的 netsh 命令中,指定 certstorename=TrustedPeople,否则它默认为 MY,这是 Personal 存储在证书 MMC 管理单元中。
此外,要删除已绑定的 SSL 证书,请使用 netsh http delete sslcert ipport=0.0.0.0:8000
此外,我的代码不需要设置客户端证书即可运行,因此可以从 Connect 方法中删除。如果你们中的任何人计划在生产中使用它,还需要进一步加强。
我创建了一个控制台应用程序项目来以编程方式托管 Web 服务,但是当我尝试为我的 Web 服务创建客户端代理并在其上调用方法时,出现以下错误:
An error occurred while making the HTTP request to https://localhost:8000/FileRetrievalPoC. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
其内部异常:
The underlying connection was closed: An unexpected error occurred on a send.
其内部异常:
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
其内部异常:
An existing connection was forcibly closed by the remote host
Program.cs:
class Program
{
static void Main(string[] args)
{
var address = "https://localhost:8000/FileRetrievalPoC";
Console.WriteLine("Starting a service at {0}...", address);
FileRetrievalService.Start(address, StoreLocation.LocalMachine, StoreName.My, "localhost");
Console.WriteLine("Service started.");
Console.WriteLine("Press Enter to create a new proxy client and call the Get method.");
Console.WriteLine("Press Escape to end the application.");
while (true)
{
var key = Console.ReadKey();
if (key.Key == ConsoleKey.Enter)
{
var proxy = FileRetrievalService.Connect(address, "localhost", "exampleUsername", "examplePassword", StoreLocation.LocalMachine, StoreName.My, "localhost");
proxy.Get(@"C:\Users\User\Desktop\Document.txt");
((IClientChannel)proxy).Close();
}
else if (key.Key == ConsoleKey.Escape)
break;
}
FileRetrievalService.Stop();
}
}
IFileRetrieval.cs:
[ServiceContract]
public interface IFileRetrieval
{
[OperationContract]
string Get(string path);
[OperationContract]
void Set(string path, string contents);
}
FileRetrievalService.cs:
class FileRetrievalService : IFileRetrieval
{
private static BasicHttpsBinding _binding = new BasicHttpsBinding()
{
Name = "FileRetrievalPoC",
HostNameComparisonMode = HostNameComparisonMode.Exact,
Security = new BasicHttpsSecurity()
{
Message = new BasicHttpMessageSecurity()
{
AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256Rsa15,
ClientCredentialType = BasicHttpMessageCredentialType.UserName
},
Mode = BasicHttpsSecurityMode.TransportWithMessageCredential,
Transport = new HttpTransportSecurity()
{
ClientCredentialType = HttpClientCredentialType.Windows
}
},
SendTimeout = TimeSpan.FromMinutes(1),
CloseTimeout = TimeSpan.FromMinutes(1),
OpenTimeout = TimeSpan.FromMinutes(1),
ReceiveTimeout = TimeSpan.FromMinutes(1)
};
private static ChannelFactory<IFileRetrieval> _channelFactory;
private static ServiceHost _host;
public static void Start(string address, StoreLocation location, StoreName name, string subject)
{
_host = new ServiceHost(typeof(FileRetrievalService));
_host.Credentials.ServiceCertificate.SetCertificate(location, name, X509FindType.FindBySubjectName, subject);
_host.AddServiceEndpoint(typeof(IFileRetrieval), _binding, address);
_host.Open();
}
public static void Stop()
{
if (_host != null)
_host.Close();
if (_channelFactory != null)
_channelFactory.Close();
}
public static IFileRetrieval Connect(string address, string domain, string username, string password, StoreLocation location, StoreName name, string subject)
{
if (_channelFactory == null)
_channelFactory = new ChannelFactory<IFileRetrieval>(_binding, address);
_channelFactory.Credentials.ClientCertificate.SetCertificate(location, name, X509FindType.FindBySubjectName, subject);
_channelFactory.Credentials.UserName.UserName = username;
_channelFactory.Credentials.UserName.Password = password;
_channelFactory.Credentials.Windows.ClientCredential = new NetworkCredential(username, password, domain);
return _channelFactory.CreateChannel();
}
public string Get(string path)
{
throw new NotImplementedException();
}
public void Set(string path, string contents)
{
throw new NotImplementedException();
}
}
这一切都是以编程方式完成的,我查看了 Stack Overflow 但找不到发生这种情况的充分理由。有谁知道问题出在哪里?您可以将此源代码添加到一个新的控制台应用程序中,然后 运行 它在您的本地计算机上进行尝试,并亲眼见证它的发生。它是SSL证书吗?如果是这样,我怎样才能因为这里的错误原因而变得更加冗长?这不是一个很有帮助的例外。
编辑:我想我可能在这里漏掉了一步,such as using netsh to bind a certificate to my machine's port。
我的问题是 I did not use netsh to bind the certificate to my machine's port。打开管理命令提示符并调用:
netsh http add sslcert ipport=0.0.0.0:8000 appid=<A randomly generated GUID for your application> certhash=<Your localhost certificate's thumbprint from the default MY store, which is under Local Machine -> Personal, which you can get from the MMC Certificates snap-in>
下一步是确保它在客户端受信任的人之下。至少,对我来说是这样,因为我使用的是我为 localhost 测试目的生成的自签名证书。因此,例如,如果您从 Comodo 或 Verisign 或其他一些 CA 获得证书,您的证书可能根本不需要这个,因为根 CA 将被信任,通常默认情况下 Windows,因为根 CA public 这些证书开箱即用,位于证书 MMC 管理单元的受信任的根证书颁发机构部分。
然后,您需要做的就是确保您的计算机凭据正确无误。我正在使用 Windows 身份验证,因此它会尝试断言我的凭据有效(这些在我调用 Connect 方法的代码中指定)。
随着年龄的增长,我发现我越来越倾向于自己回答问题...
编辑:您只需使用 Trusted People 商店即可完成所有这些操作。如果你确实想这样做,那么在我上面的代码中使用 StoreName.TrustedPeople,在你的 netsh 命令中,指定 certstorename=TrustedPeople,否则它默认为 MY,这是 Personal 存储在证书 MMC 管理单元中。
此外,要删除已绑定的 SSL 证书,请使用 netsh http delete sslcert ipport=0.0.0.0:8000
此外,我的代码不需要设置客户端证书即可运行,因此可以从 Connect 方法中删除。如果你们中的任何人计划在生产中使用它,还需要进一步加强。