无法创建 SSL/TLS 从插件到 Web 服务的安全通道
Could not create SSL/TLS secure channel from plugin to web service
当我尝试使用服务引用中的方法时,我的插件出现问题。我有一个 客户端 将参数发送到 网络服务 ,然后将这些参数发送到 我的插件 ,然后我必须使用 web 参考方法 将这些参数发送到 web 服务 。要访问 Web 服务,我需要使用拥有最后一个 Web 服务的公司颁发的证书。我使用的代码是这样的:
BasicHttpsBinding binding = new BasicHttpsBinding
{
Security = new BasicHttpsSecurity
{
Transport = new HttpTransportSecurity
{
ClientCredentialType = HttpClientCredentialType.Certificate
}
}
};
UploaderServiceClient client = new UploaderServiceClient(binding, new EndpointAddress(args.EndPoint));
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocaMachine, StoreName.My, X509FindType.FindBySerialNumber, args.SerialNum);
client.approveTransportDocument(appC, FileDesc);
使用这段代码后出现异常:
The request was aborted: Could not create SSL/TLS secure channel.
最后一个 Web 服务工作正常并且证书有效,因为如果我在表单上使用相同的代码它工作正常。
编辑:
我正在添加我得到的异常,也许它会有所帮助:
System.ServiceModel.Security.SecurityNegotiationException: Could not
establish secure channel for SSL/TLS with authority 'imas-ws.vmi.lt'.
---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. at
System.Net.HttpWebRequest.GetResponse() at
System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan
timeout) --- End of inner exception stack trace ---
Server stack trace: at
System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException
webException, HttpWebRequest request, HttpAbortReason abortReason)
at
System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan
timeout) at
System.ServiceModel.Channels.RequestChannel.Request(Message message,
TimeSpan timeout) at
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message
message, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, Object[] ins,
Object[] outs, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message)
Exception rethrown at [0]: at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at
Eur_Iz.Ie.UploaderService.submitTransportDocument(TransportDocument
LocalTransportDocument, FileDescription ContextInformation,
AdditionalContext AdditionalContext) at
Eur_Iz.Ie.UploaderServiceClient.submitTransportDocument(TransportDocument LocalTransportDocument, FileDescription ContextInformation,
AdditionalContext AdditionalContext) in u:\DPb\Plns\Eur_Iz\Service
References\Ie\Reference.cs:line 3295 at
Eur_Iz.ClientPlugin.DataHandling(IServicePluginArgs args)
可能是带有客户端证书或服务器证书的东西。可能是信任问题(客户端或服务器缺少 CA 证书)。
在事件日志中启用 CAPI2 日志可能会告诉您为什么 Could not create SSL/TLS secure channel. CAPI2 日志在默认情况下是禁用的。当您启用它时,请尝试再次发出请求。应该有一些错误事件,其中包含有关原因的有用信息。
找到答案问题是我必须授予 Web 服务使用证书的权限。这是对我有帮助的 link:https://serverfault.com/questions/131046/how-to-grant-iis-7-5-access-to-a-certificate-in-certificate-store/132791#132791
当我尝试使用服务引用中的方法时,我的插件出现问题。我有一个 客户端 将参数发送到 网络服务 ,然后将这些参数发送到 我的插件 ,然后我必须使用 web 参考方法 将这些参数发送到 web 服务 。要访问 Web 服务,我需要使用拥有最后一个 Web 服务的公司颁发的证书。我使用的代码是这样的:
BasicHttpsBinding binding = new BasicHttpsBinding
{
Security = new BasicHttpsSecurity
{
Transport = new HttpTransportSecurity
{
ClientCredentialType = HttpClientCredentialType.Certificate
}
}
};
UploaderServiceClient client = new UploaderServiceClient(binding, new EndpointAddress(args.EndPoint));
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocaMachine, StoreName.My, X509FindType.FindBySerialNumber, args.SerialNum);
client.approveTransportDocument(appC, FileDesc);
使用这段代码后出现异常:
The request was aborted: Could not create SSL/TLS secure channel.
最后一个 Web 服务工作正常并且证书有效,因为如果我在表单上使用相同的代码它工作正常。 编辑: 我正在添加我得到的异常,也许它会有所帮助:
System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'imas-ws.vmi.lt'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) --- End of inner exception stack trace ---
Server stack trace: at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Eur_Iz.Ie.UploaderService.submitTransportDocument(TransportDocument LocalTransportDocument, FileDescription ContextInformation, AdditionalContext AdditionalContext) at Eur_Iz.Ie.UploaderServiceClient.submitTransportDocument(TransportDocument LocalTransportDocument, FileDescription ContextInformation, AdditionalContext AdditionalContext) in u:\DPb\Plns\Eur_Iz\Service References\Ie\Reference.cs:line 3295 at Eur_Iz.ClientPlugin.DataHandling(IServicePluginArgs args)
可能是带有客户端证书或服务器证书的东西。可能是信任问题(客户端或服务器缺少 CA 证书)。
在事件日志中启用 CAPI2 日志可能会告诉您为什么 Could not create SSL/TLS secure channel. CAPI2 日志在默认情况下是禁用的。当您启用它时,请尝试再次发出请求。应该有一些错误事件,其中包含有关原因的有用信息。
找到答案问题是我必须授予 Web 服务使用证书的权限。这是对我有帮助的 link:https://serverfault.com/questions/131046/how-to-grant-iis-7-5-access-to-a-certificate-in-certificate-store/132791#132791