使用带有 HTTPS 证书的 System.Net.WebClient
在我的 C# Windows 客户端中,我向“母舰”进行了 POST 提交。当然,我希望提交的数据受到保护,因此我付费让 HostGator 向我颁发 SSL 证书。
我保存了 .CER 文件,并按如下方式构造请求:
//wrapper for WebClient object to use certificate file
class SecureWebClient : WebClient
{
protected override WebRequest GetWebRequest(Uri address)
{
HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
string certPath = @"e:\mycertificate.cer";
X509Certificate myCert = X509Certificate.CreateFromCertFile(certPath);
request.ClientCertificates.Add(myCert);
return request;
}
}
//request
private static SecureWebClient client = new SecureWebClient();
private static NameValueCollection = new NameValueCollection();
nvc.Add(POST_ACTION, ACTION_CODE_LOGIN);
nvc.Add(POST_EMAIL, email);
nvc.Add(POST_PASSWORD, password);
sResponse = System.Text.Encoding.ASCII.GetString(client.UploadValues(BASE_URL + ACTION_PAGE, nvc));
它抛出 System.Net.WebException:
底层连接已关闭:发送时发生意外错误。
InnerException 是一个 System.IO.IOException:
由于数据包格式意外,握手失败。
对我做错了什么有任何见解吗?
In my C# Windows client, I have a POST submission to "the mothership". I want the data in the submits to be secured, of course, so I paid for HostGator to issue me an SSL certificate.
I saved off the .CER file, and I'm constructing the request as such:
//wrapper for WebClient object to use certificate file
class SecureWebClient : WebClient
{
protected override WebRequest GetWebRequest(Uri address)
{
HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
string certPath = @"e:\mycertificate.cer";
X509Certificate myCert = X509Certificate.CreateFromCertFile(certPath);
request.ClientCertificates.Add(myCert);
return request;
}
}
//request
private static SecureWebClient client = new SecureWebClient();
private static NameValueCollection = new NameValueCollection();
nvc.Add(POST_ACTION, ACTION_CODE_LOGIN);
nvc.Add(POST_EMAIL, email);
nvc.Add(POST_PASSWORD, password);
sResponse = System.Text.Encoding.ASCII.GetString(client.UploadValues(BASE_URL + ACTION_PAGE, nvc));
Its throwing a System.Net.WebException:
The underlying connection was closed: An unexpected error occurred on a send.
The InnerException is a System.IO.IOException:
The handshake failed due to an unexpected packet format.
Any insight on what I am doing wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
如果您不使用客户端证书,并且您可以使用https://访问您的服务器,那么您的代码应如下所示:
只要您的 BASE_URL 使用 https://,那么所有数据(传入和传出服务器)都将被加密。
IOW 使用 SSL/TLS 从客户端到服务器不需要客户端执行任何特殊操作(使用证书),除了使用 https:// 作为方案之外,因为操作系统提供了一切(例如,受信任的根)您需要保护数据传输。
If you're not using client certificates and you can access your server using https:// then your code should look like:
As long as your BASE_URL uses https:// then all the data (to and from the server) will be encrypted.
IOW using SSL/TLS from a client to a server does not require the client to do anything special (with the certificate), besides using https:// as the scheme, since the operating system provides everything (e.g. trusted roots) you need to secure the data transmission.
客户端证书仅在私钥可用时才有效。使用 .cer 文件时通常情况并非如此,因为 X.509 证书不包含私钥。
确保私钥可用的唯一安全方法是从 PKCS#12 文件加载证书,其中证书和私钥均可用(即两者都导出到< .pfx 文件)。
注意:
我说通常是因为 Windows/CryptoAPI 有时会执行一些魔法(当与 X509Certificate 一起使用时)并自动将证书与证书中的私钥关联起来。
我说安全是因为这也适用于Mono,而不仅仅是MS .NET。
Client certificates will work only if the private key is available. This is not generally the case when using .cer files since the X.509 certificate does not include the private key.
The only safe way to ensure the private key is available is to load the certificate from a PKCS#12 file where both the certificate(s) and the private key are available (i.e. both were exported into the .pfx file).
Notes:
I said generally because Windows/CryptoAPI sometimes does some magic (when used with X509Certificate) and automatically associate a certificate with a private key from the certificate.key stores.
I said safe because that will work on Mono too, not just MS .NET.
听起来你好像在倒退。您应该在 Web 主机/服务器上安装 SLL 证书。然后,您创建一个到 Web 服务器的 Web 请求并需要 HTTPS 协议。
Sounds like you are doing it backwards. You should have the SLL Certificate installed on the web host/server. Then you create a web request to web server and requires the HTTPS protocol.
只需使用 RDP
打开 IE 连接到您的服务器,然后转到“Internet 选项”
导航到“高级”选项卡并启用“使用 SSL 2.0 和 SSL 3.0”
现在您的服务器请求将经过身份验证
Just connect to your server with RDP
Open IE and go to Internet Options
Navigate to Advanced Tab and Enable both Use SSL 2.0 and SSL 3.0
Now your server requests will be authenticated