带有 ssl 的 HttpRequest:在 IIS 下运行时无法识别证书
我们运行一个肥皂服务应用程序(wse 3,但也符合 WCF)。 除了本身是一项服务之外,该应用程序还使用带有 ssl 的 HttpRequest 实例从第三方检索信息。 当通过单元测试运行该 HttpRequest 实例时,第三方服务会识别给定的证书并且工作正常。 但是,当我们的肥皂服务应用程序在 IIS 中运行时,第三方不再识别该证书。
当 HttpClient 在 IIS 下运行时有什么不同?它会改变我使用 HttpRequest 发送的请求吗?我怎样才能直接设置这个(配置?)?
We run a soap service app (wse 3 but also complying with WCF).
Apart from being a service itself, the app also retrieves information from a third party using a HttpRequest instance with ssl.
When running that HttpRequest instance with a unit test, the third party service recognizes the given certificate and it works just fine.
However, when our soap service app is running in IIS, the third party does not recognize the certificate anymore.
What is different when an HttpClient is run under IIS? Does it change the requests I send using HttpRequest? How can I set this straight (configuration?)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
本文 给了我如何解决问题的想法。
Asp.net 检查服务器证书的名称“CN= ...”是否与服务器的域名匹配。
因此,如果外部服务器的证书不符合该规则,来自 ASP.NET 应用程序的 https 请求将不会信任该连接。因此,如果您没有机会更改外部服务器的配置(第 3 方),则必须禁用该检查。
可以通过将自定义委托传递给 asp.net 的(主要是)静态 ServicePointManager 类来关闭它。
我将这一点放入我的 https 连接器类的静态构造函数中:
(但是,对于整个应用程序中的任何 https 连接,该检查将被关闭)
亲切的问候,C.
This article gave me an idea how to solve the problem.
Asp.net checks whether a server certificate's name "CN= ..." matches the server's domain name.
So if the external server's certificate does not comply to that rule a https request from a asp.net application will not trust the connection. So if you have no chance to change the external server's configuration (3rd party) you have to disable the check.
It can be switched off by passing a custom delegate to asp.net's (mainly) static ServicePointManager class.
I put that bit into a static constructor of my https connector-class:
(however that check will be switched off for any https connection in the whole application)
Kind regards, C.
您似乎没有足够的权限在 IIS 中使用您的证书,您可以使用 Microsoft Windows HTTP 服务证书配置工具 (WinHttpCertCfg.exe) 安装客户端证书并授予其他用户帐户对客户端证书的访问权限,例如作为网络服务帐户。
要了解有关此内容的更多信息,请参阅这篇 MSDN 文章。
It seems that you haven't enough rights for using your certificate within IIS, you can use the Microsoft Windows HTTP Services Certificate Configuration Tool (WinHttpCertCfg.exe) to install the client certificate and to grant access to the client certificate for additional user accounts such as the Network Service account.
To see more about this follow to this MSDN article.