无法在 .net 中发布 https WebRequest?
您好,我在尝试在 Https 下发布 WebRequest 时遇到问题。
我收到以下错误
1.-底层连接已关闭:无法连接到远程服务器。
2.-操作超时
3-底层连接已关闭:无法为 SSL/TLS 建立安全通道。
我尝试了我公司和客户公司的大约 3 或 4 个不同的代理,即使我直接与 ISP 提供商联系,没有任何限制,我在执行以下方法时会收到上述错误,
WebRequest.GetRequestStream()
无论是否在代理后面发生,请求只能从代理后面的一台 PC 成功发布。 代理未安装客户端证书。
这是在 .net Framework 1.1 下并且 该请求已包含网络凭据。
可能是什么?
更新
内部异常,第三个错误如下: 该函数已成功完成,但必须
根据 iisper.h 再次调用以完成上下文 文档 此错误属于
//
// MessageId: SEC_I_CONTINUE_NEEDED
//
// MessageText:
//
// The function completed successfully, but must be called
// again to complete the context
//
#define SEC_I_CONTINUE_NEEDED ((HRESULT)0x00090312L)
MSDN 这是指
SEC_I_CONTINUE_NEEDED 客户端必须将输出令牌发送到服务器并等待返回令牌。 然后,返回的令牌将在另一个调用中传递到 InitializeSecurityContext (Schannel)。 输出标记可以为空。
这是否意味着 PC 缺少客户端证书?
Hi i am encountering problems trying to post a WebRequest under Https.
i received the following errors
1.-The underlying connection was closed: Unable to connect to the remote server.
2.-the operation TimeOut
3-The underlying connection was closed: Could not establish secure channel for SSL/TLS.
i tried with about 3 or 4 different proxies of my company and the customer company and not even when i am directly with the ISP provider with no restrictions, i get the above errors when executing the following method
WebRequest.GetRequestStream()
this occurs behind a proxy or not, the request can only be succesfully post from one single PC which is behind a proxy. the proxy doesn't have a client certificate installed.
this is under .net framework 1.1 and
the request already contains network credentials.
what could be?
Update
the inner exception the 3rd error is the following:
The function completed successfully, but must be called again to complete the context
according to iisper.h documentation this error belongs to the
//
// MessageId: SEC_I_CONTINUE_NEEDED
//
// MessageText:
//
// The function completed successfully, but must be called
// again to complete the context
//
#define SEC_I_CONTINUE_NEEDED ((HRESULT)0x00090312L)
on MSDN this refers to
SEC_I_CONTINUE_NEEDED
The client must send the output token to the server and wait for a return token. The returned token is then passed in another call to InitializeSecurityContext (Schannel). The output token can be empty.
does this means the PC lacks a client certificate?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
有很多事情可能会使事情变得复杂,例如与 SSL 证书不一致等。但首先,您应该进行一些基本的调试以排除明显的事情:
-- 您是否尝试发送一个简单的 Web 请求到其他服务器? 尝试(不安全)http 和(安全)https
- 您是否尝试从另一台计算机或另一个网络进行连接? 您提到客户端位于代理后面; 首先尝试一台没有代理的计算机,以排除这种情况。
-- 您是否在会话中发出多个 WebRequest? 打开请求的数量有硬性限制,因此请确保在收到 WebResponse 后关闭它们。 也许只需要一个请求就可以编写一个测试程序。
如果这不能缩小范围,那么事情可能会更复杂,涉及到他们的服务器或代理。 您可以使用 netshark 等程序跟踪传出的网络数据包,以尝试找出问题所在。
There are a whole number of things that could be complicating things, as far as inconsistencies with the SSL certs, etc. But first, you should do some basic debugging to rule out the obvious things:
-- Did you try sending a simple web request to other servers? Try both (unsecured) http and (secured) https
-- Did you try connecting from another computer, or from another network? You mentioned that the client is behind a proxy; try a computer w/o a proxy first, to rule that out.
-- Are you making multiple WebRequests within the session? There is a hard-limit on the number of open requests, so make sure you're closing them after you get the WebResponse. Perhaps make a test program with just one request.
If that doesn't narrow it down, then it's probably something more complicated, with their the server or the proxy. You can track outgoing network packets with a program such as netshark to try to track down where things are getting stuck.
您可以使用 Fiddler 或网络数据包嗅探工具(例如
EtherealWhireshark 在其正在工作的机器上以及其他机器之一上,并且比较结果。 这是相当低级的,但可能会阐明这个问题。You could make a trace of the HTTP traffic using Fiddler or a network packet sniffing tool like
EtherealWhireshark on the machine where it is working, and on one of the other machines, and compare the results. This is fairly low-level, but might throw some light on the issue.在 Windows 上,
如果连接了,屏幕将变为空白(按几次回车键即可退出)
如果您的请求位于 HTTPS 下,代理可能会也可能不会真正关心您的请求,因为它们无法读取它。
其他机器是否安装了客户端证书和证书链?
On windows that would be
and if it connects the screen will go blank (hit return a few times to exit)
The proxies may or may not actually care about your request if it is under HTTPS as they can't read it.
Do the other machines have the client certificate and the certificate chain installed?
SSL 证书名称可能不匹配。 自签名证书经常出现这种情况。
解决方案是编写您自己的身份验证例程,您要么始终返回 true,要么进行必要的身份验证以确保证书有效。
The SSL certificate name probably doesn't match. This is often the case with selfsigned certificates.
The solution is to write your own authentication routine where you either always return true or do the necessary authentication to make sure the certificate is valid.