Security Error, post with Client Certificate (Self-signed Root) on Azure (Asp.net core)
Problem description
I have uploaded a client certificate to Azure and am trying to make a POST to an API method with this certificate. My code works when I am debugging on my local computer, but it fails when I run it on Azure as an App Service.
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at System.Net.Http.WinHttpHandler.<StartRequest>d__105.MoveNext()
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at System.Net.Http.HttpClient.d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Bandytabeller.Controllers.swishController.d__3.MoveNext() in D:\ASP-hemsidor\NetCoreApplications\Bandytabeller\Bandytabeller\Api\swishController.cs:line 102

    [HttpGet("{id}")]
    public async Task<IActionResult> pay(string id = "", string amount = "")
    {
        // Get the user agent
        string userAgent = Request.Headers["User-Agent"].ToString();

        // Create the payment request
        SwishPaymentRequest post = new SwishPaymentRequest();
        post.payeePaymentReference = id.ToString();
        post.callbackUrl = "https://www.quiz-walk.se/";
        post.payeeAlias = "1231181189";
        post.amount = amount;
        post.currency = "SEK";
        post.message = "Faktura " + id.ToString();

        // Create the http content
        HttpContent data = new StringContent(JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json");

        // Create variables
        X509Store certStore = null;
        HttpClientHandler handler = null;
        HttpClient client = null;
        string token = "";

        try
        {
            // Create a request handler
            handler = new HttpClientHandler();
            handler.ClientCertificateOptions = ClientCertificateOption.Manual;
            handler.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
            handler.AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;

            // Open certificate from certificate store
            certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            certStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
            X509Certificate2Collection certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, "800CDE7BC219D53812FC164DFF0FE73DF8A8D7B6", false);
            if (certCollection.Count > 0)
            {
                handler.ClientCertificates.Add(certCollection[0]);
            }

            // Disable ssl validation
            handler.ServerCertificateCustomValidationCallback += (message, xcert, chain, errors) => true;
            //handler.ClientCertificates.Add(cert);

            // Create the http client
            client = new HttpClient(handler, false);

            // Post the payment request
            //Task task = Task.Run(() => client.PostAsync("https://mss.swicpc.bankgirot.se/swish-cpcapi/api/v1/paymentrequests/", data));
            HttpResponseMessage task = await client.PostAsync("https://mss.swicpc.bankgirot.se/swish-cpcapi/api/v1/paymentrequests/", data);

            // Wait for the task to finish
            //task.Wait();

            // Make sure that the response is successful
            if (task.StatusCode == System.Net.HttpStatusCode.Created)
            {
                // Get all header values
                IEnumerable<string> headers = task.Headers.GetValues("PaymentRequestToken");

                // Get the token
                foreach (string value in headers)
                {
                    token += value;
                }
            }
        }
        catch (Exception ex)
        {
            token += ex.ToString();
            logger.LogWarning(ex.ToString());
        }
        finally
        {
            // Dispose of the handler and the client
            if (certStore != null)
            {
                certStore.Dispose();
            }
            if (handler != null)
            {
                handler.Dispose();
            }
            if (client != null)
            {
                client.Dispose();
            }
        }

        // Create the url
        string url = "http://www.bokforingstips.se";
        if (userAgent.Contains("Windows Phone") == true)
        {
            url = "swish://paymentrequest?token=" + token;
        }
        else if (userAgent.Contains("iPhone") == true || userAgent.Contains("iPad") == true)
        {
            url = "swish://paymentrequest?token=" + token;
        }
        else if (userAgent.Contains("Android") == true)
        {
            url = "intent://paymentrequest?token=" + token + "/#Intent;scheme=swish;package=se.bankgirot.swish;end;";
        }
        else
        {
            return Content(handler.ClientCertificates[0].Issuer + " " + token);
        }

        // Redirect the user to url
        return Redirect(url);
    } // End of the pay method

I am testing the Swish API and I use ServerCertificateCustomValidationCallback to do my own validation. It works on my local computer but not on Azure. The certificate is loaded; the error occurs on the PostAsync call.
Asp.Net Core 1.1.1
Tested with .Net Framework 4.6.2 on Azure. It does not work; I have enabled system.net tracing.
`System.Net Information: 0 : [12712] SecureChannel#3644764 - Certificate is of type X509Certificate2 and contains the private key.
System.Net Information: 0 : [12712] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [12712] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 6801dc65d0:db724b14d0, targetName = mss.swicpc.bankgirot.se, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [12712] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=1638, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::BeginSend()
System.Net.Sockets Verbose: 0 : [23872] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [23872] (printing 1024 out of 1638)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::BeginSend() -> OverlappedAsyncResult#29753716
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::BeginReceive()
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 15 03 03 00 02 : .....
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#64760428)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::EndReceive() -> Int32#5
System.Net.Sockets Verbose: 0 : [23872] Exiting Socket#66404974::BeginReceive() -> OverlappedAsyncResult#64760428
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::BeginReceive()
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 02 28 : .(
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#27335310)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::EndReceive() -> Int32#2
System.Net.Sockets Verbose: 0 : [23872] Exiting Socket#66404974::BeginReceive() -> OverlappedAsyncResult#27335310
System.Net Information: 0 : [23872] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 6801dc65d0:db724b14d0, targetName = mss.swicpc.bankgirot.se, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [23872] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::Dispose()
System.Net Error: 0 : [23872] Exception in HttpWebRequest#15120020:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [23872] HttpWebRequest#15120020::EndGetRequestStream()
System.Net Error: 0 : [23872] Exception in HttpWebRequest#15120020::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..`
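
The two inbound reads in the trace above (`15 03 03 00 02`, then `02 28`) form a single TLS record split across socket reads. The following decoder is an added example, not code from the original post; the class name `TlsAlertDecoder` and the embedded byte arrays (copied from those two trace lines) are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper, not part of the original post.
static class TlsAlertDecoder
{
    // Constructed input: the 5-byte read and the 2-byte read shown in the trace.
    static readonly byte[][] Reads =
    {
        new byte[] { 0x15, 0x03, 0x03, 0x00, 0x02 },
        new byte[] { 0x02, 0x28 },
    };

    // Subset of the alert descriptions defined in RFC 5246, section 7.2.
    static readonly Dictionary<byte, string> Descriptions = new Dictionary<byte, string>
    {
        { 0, "close_notify" }, { 10, "unexpected_message" }, { 40, "handshake_failure" },
        { 42, "bad_certificate" }, { 43, "unsupported_certificate" }, { 44, "certificate_revoked" },
        { 45, "certificate_expired" }, { 46, "certificate_unknown" }, { 48, "unknown_ca" },
        { 49, "access_denied" }, { 70, "protocol_version" }, { 71, "insufficient_security" },
    };

    public static string Decode(IEnumerable<byte[]> reads)
    {
        // A record can arrive in several socket reads; reassemble before parsing.
        var buf = new List<byte>();
        foreach (var r in reads) buf.AddRange(r);

        if (buf.Count < 5) return "truncated record header";
        byte contentType = buf[0];                    // 0x15 = alert, 0x16 = handshake
        int length = (buf[3] << 8) | buf[4];          // big-endian body length
        if (buf.Count < 5 + length) return "truncated record body";
        if (contentType != 0x15) return $"not an alert record (content type {contentType})";
        if (length != 2) return "alert body is not 2 bytes (encrypted or malformed)";

        string level = buf[5] == 1 ? "warning" : buf[5] == 2 ? "fatal" : $"level {buf[5]}";
        string desc = Descriptions.TryGetValue(buf[6], out var name) ? name : "unknown";
        // Record version 3.3 is TLS 1.2.
        return $"TLS {buf[1]}.{buf[2]} record: {level} alert {buf[6]} ({desc})";
    }

    static void Main() => Console.WriteLine(Decode(Reads));
}
```

A fatal alert received from the peer means the remote endpoint aborted the handshake, which is worth separating from a local rejection of the server certificate when reading a trace like this one.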
Recommended answer
The ServerCertificateCustomValidationCallback is never called and I guess that Azure doesn't allow this callback. The root certificate must be trusted.
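
Where the callback is invoked, it can trust one specific self-signed root instead of returning `true` for every server. The following is an added example, not code from the original post or answer; the class `PinnedRootValidation` and the `pinnedRoot` parameter are hypothetical, and it assumes the root CA certificate is loaded by the caller and that the private CA has no reachable revocation endpoint.

```csharp
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of the original post.
static class PinnedRootValidation
{
    // pinnedRoot (assumption): the self-signed root CA certificate, loaded by the caller.
    public static HttpClientHandler CreateHandler(X509Certificate2 pinnedRoot)
    {
        var handler = new HttpClientHandler();
        handler.ServerCertificateCustomValidationCallback =
            (request, cert, chain, errors) => Validate(cert, errors, pinnedRoot);
        return handler;
    }

    public static bool Validate(X509Certificate2 serverCert, SslPolicyErrors errors,
                                X509Certificate2 pinnedRoot)
    {
        if (serverCert == null) return false;

        // Only chain errors may be re-evaluated; a name mismatch or a missing
        // certificate is rejected outright.
        if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
            return false;

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(pinnedRoot);
            // Assumption: the private CA publishes no reachable CRL/OCSP endpoint.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Tolerate a root missing from the machine store; expiry and signature errors still fail.
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(serverCert)) return false;

            // The flag above accepts any unknown root, so require that the chain
            // really ends in the pinned certificate.
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(pinnedRoot.RawData);
        }
    }
}
```

If the server does not send its intermediate certificates, they have to be added to `ExtraStore` as well, otherwise the chain ends short of the root and the check fails closed.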