I have a self-hosted REST API with a self-signed certificate, hosted on W2008R2. Calling this API from W7 works fine with this code.
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertficate;
    var request = (HttpWebRequest)WebRequest.Create(url);
    request.Method = verb;
    request.ContentType = "application/json";
    request.Headers.Add("PlatformId", platformId);
    if (bytes != null)
    {
        using (var requestStream = request.GetRequestStream())
        {
            requestStream.Write(bytes, 0, bytes.Length);
            requestStream.Flush();
        }
    }
    var response = request.GetResponse();
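From any W10 machine, calling the API with a REST API client plugin for Chrome works.
However, calling it from any W10 machine with exactly the same client code fails.
I enabled tracing on both client machines. On the working W7 client machine: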
System.Net Information: 0 : [10748] Connection#10366524 - Conexión desde 192.168.2.100:57610 a xx.xx.xx.xx:9095 creada.
System.Net Information: 0 : [10748] TlsStream#25181126::.ctor(host=xx.xx.xx.xx, #certs=0)
System.Net Information: 0 : [10748] Associating HttpWebRequest#7746814 with ConnectStream#59408853
System.Net Information: 0 : [10748] HttpWebRequest#7746814 - Request: GET /AvelonRMSExternalPlatformRestService/Countries HTTP/1.1
System.Net Information: 0 : [10748] ConnectStream#59408853 - Enviando encabezados
{
Content-Type: application/json
PlatformId: 03986D31-4F8A-4527-8AF5-A40030B4A4E8
Host: xx.xx.xx.xx:9095
Connection: Keep-Alive
}.
System.Net Information: 0 : [10748] SecureChannel#56152722::.ctor(hostname=xx.xx.xx.xx, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [10748] Enumerando paquetes de seguridad:
System.Net Information: 0 : [10748] Negotiate
System.Net Information: 0 : [10748] NegoExtender
System.Net Information: 0 : [10748] Kerberos
System.Net Information: 0 : [10748] NTLM
System.Net Information: 0 : [10748] Schannel
System.Net Information: 0 : [10748] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [10748] WDigest
System.Net Information: 0 : [10748] TSSSP
System.Net Information: 0 : [10748] pku2u
System.Net Information: 0 : [10748] MSOIDSSP
System.Net Information: 0 : [10748] CREDSSP
System.Net Information: 0 : [10748] SecureChannel#56152722 - Con 0 certificados de cliente entre los que elegir.
System.Net Information: 0 : [10748] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [10748] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [10748] InitializeSecurityContext(Longitud de In-Buffer=0, Longitud de Out-Buffer=149, código devuelto=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [10748] Socket#63840421::Send()
System.Net.Sockets Verbose: 0 : [10748] Data from Socket#63840421::Send
System.Net.Sockets Verbose: 0 : [10748] 00000000 : 16 03 03 00 90 01 00 00-8C 03 03 56 BA F6 5A E2 : ...........V..Z.
System.Net.Sockets Verbose: 0 : [10748] 00000010 : 76 DE 3D 52 7E CF 87 55-C2 40 E5 27 D1 31 E2 B7 : v.=R~..U.@.'.1..
System.Net.Sockets Verbose: 0 : [10748] 00000020 : 00 74 13 AA 2B 18 33 E4-F5 A5 E0 00 00 34 C0 28 : .t..+.3......4.(
System.Net.Sockets Verbose: 0 : [10748] 00000030 : C0 27 C0 14 C0 13 00 9F-00 9E 00 9D 00 9C C0 2C : .'.............,
System.Net.Sockets Verbose: 0 : [10748] 00000040 : C0 2B C0 24 C0 23 C0 0A-C0 09 00 3D 00 3C 00 35 : .+.$.#.....=.<.5
System.Net.Sockets Verbose: 0 : [10748] 00000050 : 00 2F 00 6A 00 40 00 38-00 32 00 0A 00 13 00 05 : ./.j.@.8.2......
System.Net.Sockets Verbose: 0 : [10748] 00000060 : 00 04 01 00 00 2F 00 0A-00 08 00 06 00 17 00 18 : ...../..........
System.Net.Sockets Verbose: 0 : [10748] 00000070 : 00 19 00 0B 00 02 01 00-00 0D 00 14 00 12 06 01 : ................
System.Net.Sockets Verbose: 0 : [10748] 00000080 : 06 03 04 01 05 01 02 01-04 03 05 03 02 03 02 02 : ................
System.Net.Sockets Verbose: 0 : [10748] 00000090 : FF 01 00 01 00 : .....
System.Net.Sockets Verbose: 0 : [10748] Exiting Socket#63840421::Send() -> Int32#149
System.Net.Sockets Verbose: 0 : [10748] Socket#63840421::Receive()
System.Net.Sockets Verbose: 0 : [10748] Data from Socket#63840421::Receive
System.Net.Sockets Verbose: 0 : [10748] 00000000 : 16 03 03 0A BC : .....
System.Net.Sockets Verbose: 0 : [10748] Exiting Socket#63840421::Receive() -> Int32#5
System.Net.Sockets Verbose: 0 : [10748] Socket#63840421::Receive()
System.Net.Sockets Verbose: 0 : [10748] Data from Socket#63840421::Receive
System.Net.Sockets Verbose: 0 : [10748] 00000005 : 02 00 00 4D 03 03 56 BA-F6 8B EB 92 55 E1 4E A7 : ...M..V.....U.N.
System.Net.Sockets Verbose: 0 : [10748] 00000015 : 04 9A DB 53 EC 79 D6 72-65 5D 6E E3 0C 00 7D 37 : ...S.y.re]n...}7
System.Net.Sockets Verbose: 0 : [10748] 00000025 : 18 DD 26 D3 2D 05 20 09-11 00 00 F3 5B 63 C1 EC : ..&.-. .....[c..
[DELETED LINES OF DATA]
System.Net.Sockets Verbose: 0 : [10748] 00000AC0 : 00 : .
System.Net.Sockets Verbose: 0 : [10748] Exiting Socket#63840421::Receive() -> Int32#1393
System.Net Information: 0 : [10748] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 845ab0:4f91430, targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [10748] InitializeSecurityContext(Número de In-Buffers=2, Longitud de Out-Buffer=0, código devuelto=CredentialsNeeded).
System.Net Information: 0 : [10748] SecureChannel#56152722 - Con 0 certificados de cliente entre los que elegir.
System.Net Information: 0 : [10748] Utilizando el identificador de credencial almacenado en caché.
System.Net Information: 0 : [10748] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 845ab0:4f91430, targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [10748] InitializeSecurityContext(Número de In-Buffers=2, Longitud de Out-Buffer=173, código devuelto=ContinueNeeded).
[DELETED REST OF LOG]
On the failing W10 client machine:
System.Net Information: 0 : [7852] Connection#31523018 - Conexión desde 192.168.1.35:53781 a xx.xx.xx.xx:9095 creada.
System.Net Information: 0 : [7852] TlsStream#15586314::.ctor(host=xx.xx.xx.xx, #certs=0)
System.Net Information: 0 : [7852] Associating HttpWebRequest#62955487 with ConnectStream#35059110
System.Net Information: 0 : [7852] HttpWebRequest#62955487 - Request: GET /AvelonRMSExternalPlatformRestService/Countries HTTP/1.1
System.Net Information: 0 : [7852] ConnectStream#35059110 - Enviando encabezados
{
Content-Type: application/json
PlatformId: 03986D31-4F8A-4527-8AF5-A40030B4A4E8
Host: xx.xx.xx.xx:9095
Connection: Keep-Alive
}.
System.Net Information: 0 : [7852] SecureChannel#28137373::.ctor(hostname=xx.xx.xx.xx, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [7852] Enumerando paquetes de seguridad:
System.Net Information: 0 : [7852] Negotiate
System.Net Information: 0 : [7852] NegoExtender
System.Net Information: 0 : [7852] Kerberos
System.Net Information: 0 : [7852] NTLM
System.Net Information: 0 : [7852] TSSSP
System.Net Information: 0 : [7852] pku2u
System.Net Information: 0 : [7852] WDigest
System.Net Information: 0 : [7852] Schannel
System.Net Information: 0 : [7852] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [7852] CloudAP
System.Net Information: 0 : [7852] CREDSSP
System.Net Information: 0 : [7852] SecureChannel#28137373 - Con 0 certificados de cliente entre los que elegir.
System.Net Information: 0 : [7852] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [7852] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7852] InitializeSecurityContext(Longitud de In-Buffer=0, Longitud de Out-Buffer=155, código devuelto=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [7852] Socket#17375337::Send()
System.Net.Sockets Verbose: 0 : [7852] Data from Socket#17375337::Send
System.Net.Sockets Verbose: 0 : [7852] 00000000 : 16 03 03 00 96 01 00 00-92 03 03 56 BA F5 B5 96 : ...........V....
System.Net.Sockets Verbose: 0 : [7852] 00000010 : 5D 49 B9 74 F0 A9 25 16-80 FD 00 2F 53 A6 F1 10 : ]I.t..%..../S...
System.Net.Sockets Verbose: 0 : [7852] 00000020 : 92 E0 5B 60 A8 6C C2 CF-26 C3 80 00 00 38 C0 30 : ..[`.l..&....8.0
System.Net.Sockets Verbose: 0 : [7852] 00000030 : C0 2F C0 28 C0 27 C0 14-C0 13 00 9F 00 9E 00 9D : ./.(.'..........
System.Net.Sockets Verbose: 0 : [7852] 00000040 : 00 9C 00 3D 00 3C 00 35-00 2F C0 2C C0 2B C0 24 : ...=.<.5./.,.+.$
System.Net.Sockets Verbose: 0 : [7852] 00000050 : C0 23 C0 0A C0 09 00 6A-00 40 00 38 00 32 00 0A : .#.....j.@.8.2..
System.Net.Sockets Verbose: 0 : [7852] 00000060 : 00 13 00 05 00 04 01 00-00 31 00 0A 00 06 00 04 : .........1......
System.Net.Sockets Verbose: 0 : [7852] 00000070 : 00 17 00 18 00 0B 00 02-01 00 00 0D 00 14 00 12 : ................
System.Net.Sockets Verbose: 0 : [7852] 00000080 : 04 01 05 01 02 01 04 03-05 03 02 03 02 02 06 01 : ................
System.Net.Sockets Verbose: 0 : [7852] 00000090 : 06 03 00 23 00 00 FF 01-00 01 00 : ...#.......
System.Net.Sockets Verbose: 0 : [7852] Exiting Socket#17375337::Send() -> Int32#155
System.Net.Sockets Verbose: 0 : [7852] Socket#17375337::Receive()
System.Net.Sockets Verbose: 0 : [7852] Data from Socket#17375337::Receive
System.Net.Sockets Verbose: 0 : [7852] 00000000 : 16 03 03 0A BC : .....
System.Net.Sockets Verbose: 0 : [7852] Exiting Socket#17375337::Receive() -> Int32#5
System.Net.Sockets Verbose: 0 : [7852] Socket#17375337::Receive()
System.Net.Sockets Verbose: 0 : [7852] Data from Socket#17375337::Receive
System.Net.Sockets Verbose: 0 : [7852] 00000005 : 02 00 00 4D 03 03 56 BA-F5 B7 5B 2C B9 AF C3 88 : ...M..V...[,....
System.Net.Sockets Verbose: 0 : [7852] 00000015 : 63 FA 0E EA CF A1 B4 E8-29 E4 8F 3A 51 06 0C 16 : c.......)..:Q...
System.Net.Sockets Verbose: 0 : [7852] 00000025 : F6 B6 A8 5A 0D 24 20 0B-03 00 00 3E 87 1B B9 B9 : ...Z.$ ....>....
[DELETED LINES OF DATA]
System.Net.Sockets Verbose: 0 : [7852] 00000AC0 : 00 : .
System.Net.Sockets Verbose: 0 : [7852] Exiting Socket#17375337::Receive() -> Int32#1313
System.Net Information: 0 : [7852] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = fab233c920:e654e74680, targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7852] InitializeSecurityContext(Número de In-Buffers=2, Longitud de Out-Buffer=0, código devuelto=InternalError).
System.Net.Sockets Verbose: 0 : [7852] Socket#17375337::Dispose()
System.Net Error: 0 : [7852] Excepción en HttpWebRequest#62955487:: - Anulada la solicitud: No se puede crear un canal seguro SSL/TLS..
System.Net Error: 0 : [7852] Excepción en HttpWebRequest#62955487::GetResponse - Anulada la solicitud: No se puede crear un canal seguro SSL/TLS..
[NO MORE LOGGING AVAILABLE]
The ClientHello and ServerHello complete, but on W10 the second call to InitializeSecurityContext fails with an internal error, where on the working W7 machine it returned CredentialsNeeded:
InitializeSecurityContext(Número de In-Buffers=2, Longitud de Out-Buffer=0, código devuelto=InternalError).
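In the Windows event log I see the following:
The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 813.
It seems the handshake fails on W10.
I don't know how to continue from here. Has anyone run into this problem? Is any additional logging possible?
Things I have already tried:
I am working with .NET 4.5.2 on both server and client. I tried the client under .NET 4.
I tried forcing TLS 1.0 and TLS 1.1.
I tried running the client application with administrator privileges.
I updated both systems (Windows Update).
The same setup on a W2012R2 server works fine from W10. The problem occurs when I host on the 2008R2 server.
Thanks in advance, Joaquin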
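Added example, not part of the original question: a Python sketch that decodes the two ClientHello hex dumps from the traces above and lists the cipher suites each client offers, one way to compare the W7 and W10 handshakes up to the point of failure. The function names are illustrative assumptions; the rows are copied from the traces with the log prefix trimmed.

```python
import re
import struct
# One hex-dump row of a System.Net.Sockets trace: "<offset> : <hex bytes> : <ascii>"
ROW = re.compile(r"\b[0-9A-F]{8} : ((?:[0-9A-F]{2}[ -])+): ")
# ClientHello rows copied from the W7 and W10 traces above (log prefix trimmed).
W7 = r"""
00000000 : 16 03 03 00 90 01 00 00-8C 03 03 56 BA F6 5A E2 : ...........V..Z.
00000010 : 76 DE 3D 52 7E CF 87 55-C2 40 E5 27 D1 31 E2 B7 : v.=R~..U.@.'.1..
00000020 : 00 74 13 AA 2B 18 33 E4-F5 A5 E0 00 00 34 C0 28 : .t..+.3......4.(
00000030 : C0 27 C0 14 C0 13 00 9F-00 9E 00 9D 00 9C C0 2C : .'.............,
00000040 : C0 2B C0 24 C0 23 C0 0A-C0 09 00 3D 00 3C 00 35 : .+.$.#.....=.<.5
00000050 : 00 2F 00 6A 00 40 00 38-00 32 00 0A 00 13 00 05 : ./.j.@.8.2......
00000060 : 00 04 01 00 00 2F 00 0A-00 08 00 06 00 17 00 18 : ...../..........
00000070 : 00 19 00 0B 00 02 01 00-00 0D 00 14 00 12 06 01 : ................
00000080 : 06 03 04 01 05 01 02 01-04 03 05 03 02 03 02 02 : ................
00000090 : FF 01 00 01 00 : .....
"""
W10 = r"""
00000000 : 16 03 03 00 96 01 00 00-92 03 03 56 BA F5 B5 96 : ...........V....
00000010 : 5D 49 B9 74 F0 A9 25 16-80 FD 00 2F 53 A6 F1 10 : ]I.t..%..../S...
00000020 : 92 E0 5B 60 A8 6C C2 CF-26 C3 80 00 00 38 C0 30 : ..[`.l..&....8.0
00000030 : C0 2F C0 28 C0 27 C0 14-C0 13 00 9F 00 9E 00 9D : ./.(.'..........
00000040 : 00 9C 00 3D 00 3C 00 35-00 2F C0 2C C0 2B C0 24 : ...=.<.5./.,.+.$
00000050 : C0 23 C0 0A C0 09 00 6A-00 40 00 38 00 32 00 0A : .#.....j.@.8.2..
00000060 : 00 13 00 05 00 04 01 00-00 31 00 0A 00 06 00 04 : .........1......
00000070 : 00 17 00 18 00 0B 00 02-01 00 00 0D 00 14 00 12 : ................
00000080 : 04 01 05 01 02 01 04 03-05 03 02 03 02 02 06 01 : ................
00000090 : 06 03 00 23 00 00 FF 01-00 01 00 : ...#.......
"""

def trace_bytes(trace):
    """Reassemble raw bytes from the hex-dump rows of a trace excerpt."""
    rows = (m.group(1).replace("-", " ") for m in ROW.finditer(trace))
    return bytes.fromhex(" ".join(rows))

def offered_suites(record):
    """Cipher-suite IDs offered in a single TLS ClientHello record."""
    ctype, _version, length = struct.unpack_from(">BHH", record, 0)
    if ctype != 0x16 or length != len(record) - 5 or record[5:6] != b"\x01":
        raise ValueError("not one complete ClientHello record")
    pos = 5 + 4 + 2 + 32      # record header, handshake header, version, random
    pos += 1 + record[pos]    # skip session_id
    (size,) = struct.unpack_from(">H", record, pos)
    return [f"{s:04X}" for s in struct.unpack_from(f">{size // 2}H", record, pos + 2)]

def only_in(a, b):
    """Suites offered in trace a but not in trace b, in a's preference order."""
    other = offered_suites(trace_bytes(b))
    return [s for s in offered_suites(trace_bytes(a)) if s not in other]
```

On these two dumps, `only_in(W10, W7)` returns `['C030', 'C02F']` (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), and `only_in(W7, W10)` is empty.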
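Best answer
Finally found the problem. I was using a self-signed SHA256 certificate with a key length of 512 bits. It seems W10 no longer supports that shorter key length. I generated a new certificate with a key length of 2048 bits and everything started working.
Regarding "c# - Call over https to a WCF REST API hosted on W2008R2 works from W7 but not from W10", a similar question can be found on Stack Overflow: https://stackoverflow.com/questions/35312093/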