SslStream.AuthenticateAsClient 出现异常(消息格式错误)

发布于 2024-08-14 18:16:37 字数 1021 浏览 11 评论 0原文

我遇到了奇怪的问题。我正在尝试通过 TCP/SSL 连接到 Apple 服务器。我正在使用 Apple 提供的客户端证书来推送通知。我在我的服务器(Win2k3)上将证书安装在本地受信任的根证书和本地个人证书文件夹中。

现在我有一个处理该连接的类库,当我从服务器运行的控制台应用程序调用这个类库时,它工作得很好,但是当我从 asp.net 页面或 asmx Web 服务调用该类库时,我得到以下异常。

对 SSPI 的调用失败,请参阅内部异常。收到的消息是意外的或格式错误。

这是我的代码:

X509Certificate cert = new X509Certificate(certificateLocation, certificatePassword);                       
X509CertificateCollection certCollection = new X509CertificateCollection(new X509Certificate[1] { cert });
// OPEN the new SSL Stream
SslStream ssl = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);                       
ssl.AuthenticateAsClient(ipAddress, certCollection, SslProtocols.Default, false);

ssl.AuthenticateAsClient 是抛出错误的地方。

这让我抓狂。如果控制台应用程序可以正常连接,则 ASP.NET 网络层安全性一定存在一些问题,导致身份验证失败...不确定,也许需要在 web.config 中添加某些内容或某种安全策略。另外只是想指出,我可以在本地开发计算机上与控制台和网站良好连接。

有人有什么想法吗?

I have got wierd problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root certificates and Local Personal Certificates folder.

Now I have a class library that deals with that connection, when i call this class library from a console application running from the server it works absolutely fine, but when i call that class library from an asp.net page or asmx web service I get the following exception.

A call to SSPI failed, see inner exception. The message received was unexpected or badly formatted.

This is my code:

X509Certificate cert = new X509Certificate(certificateLocation, certificatePassword);                       
X509CertificateCollection certCollection = new X509CertificateCollection(new X509Certificate[1] { cert });
// OPEN the new SSL Stream
SslStream ssl = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);                       
ssl.AuthenticateAsClient(ipAddress, certCollection, SslProtocols.Default, false);

ssl.AuthenticateAsClient is where the error gets thrown.

This is driving me nuts. If the console application can connect fine, there must be some problem with asp.net network layer security that is failing the authentication... not sure, perhaps need to add something or some sort of security policy in the web.config. Also just to point out that i can connect fine on my local development machine both with console and website.

Anyone has got any ideas?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

坚持沉默 2024-08-21 18:16:37

您的系统上安装了证书吗?如果您运行的是 Windows,它应该位于管理控制台下的本地计算机/个人或受信任文件夹中(运行 -> mmc)。

Have you installed the certificate on your system? If you are running windows it should be in Local Computer/Personal or Trusted Folders under Management Console (Run -> mmc).

像极了他 2024-08-21 18:16:37

ASP.NET 在不同的帐户下运行,因此您必须使用 WinHttpCertCfg.exe 工具来允许以下帐户访问您应安装在本地计算机个人/受信任文件夹中的证书。

  • ASPNET
  • 网络服务
  • 经过身份验证的用户

,例如

winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "CertificateName" -a "ASPNET"

其中证书名称是您的证书的友好名称。您可以从此处<获取工具和信息/a>.

The ASP.NET runs under a different account so you have to use WinHttpCertCfg.exe tool to allow the following account to access the certificate which you should install in Local Computer Personal/Trusted folders.

  • ASPNET
  • Network Service
  • Authenticated Users

e.g.

winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "CertificateName" -a "ASPNET"

where certificate name is the friendly name of your certificate. You can get the tool and information from here.

风吹雪碎 2024-08-21 18:16:37

我遇到了同样的问题 - 添加 ASP.NET DefaultAppPool/Network Service 用户并没有帮助我。

我最终发现,当证书位于受信任的根证书文件夹中时,ASP.NET Web 服务无法访问该证书(即使控制台应用程序可以)。我将其拖回个人证书文件夹,现在可以从控制台和 Web 应用程序调用该方法。

I had this same problem - adding the ASP.NET DefaultAppPool/Network Service user didn't help me though.

I finally figured out that the ASP.NET webservice couldn't access the certificate when it was in the Trusted Root Certificates folder (even though the console app can). I dragged it back to the Personal Certificates folder and can now call the method from both console and web apps.

习ぎ惯性依靠 2024-08-21 18:16:37

将 X509Certificate 更改为 X509Certificate2,并将 X509CertificateCollection 更改为 X509Certificate2Collection

change X509Certificate to X509Certificate2 and also X509CertificateCollection to X509Certificate2Collection

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文