从WebApi尝试GET时无法验证HTTPS连接 [英] Failed to Authenticate HTTPS connection when attempting GET from WebApi
问题描述
我正在使用ASP.Net Core,我有2个项目。
I am using ASP.Net Core and I have 2 projects.
- ASP.Net核心MVC应用程序
- ASP.Net核心WebApi应用程序
如果我使用Postman尝试其中一个WebApi端点我没有任何问题和/ api / values按预期返回(标准测试端点)
If i attempt one of the WebApi end points using Postman i do not have any issues and the /api/values returns as expected (standard test endpoint)
但是如果我使用MVC应用程序尝试相同的操作,我会得到一个非常令人沮丧的错误:
However if i attempt the same operation using the MVC application I get a very frustrating error:
HttpsConnectionFilter[1]
Failed to authenticate HTTPS connection
我使用Kestrel托管Asp.Net核心。
I am hosting using Kestrel for Asp.Net core.
我有一个自我签名的PFX证书我使用powershell,这是抛出异常的代码:
I have a self signed PFX certificate i created using powershell, and this is the code throwing the exception:
var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls12;
handler.ClientCertificates.Add(new X509Certificate2("localcert.pfx", "xxx"));
var client = new HttpClient(handler);
var content = await client.GetStringAsync("https://localhost:44301/api/values");
如果我要运行这个,我会得到同样的错误:
And i get the same error if i were to run this:
var client = new HttpClient();
var content = await client.GetStringAsync("https://localhost:44301/api/values");
我的Kestrel设置在我的Program.cs中是这样的
My Kestrel setup is like so in my Program.cs
var cert = new X509Certificate2("localcert.pfx", "xxx");
var host = new WebHostBuilder()
.UseKestrel(cfg => cfg.UseHttps(cert))
.UseUrls("https://localhost:44300")
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup<Startup>()
.Build();
host.Run();
我知道我为上面的HttpClient再次定义了证书,但我很绝望。
I know i defined the cert again for the HttpClient above, but i am desperate.
任何人都可以提供一些见解,了解为什么会发生这种情况,以及如何修复它,甚至调试它,因为它让我发疯。我正在浏览并单步执行KestrelHttpServer代码以查看是否会提供一些见解。
Can anyone offer some insight as to why this is happening and how i can go about fixing it, or even debugging it because it is driving me crazy. I am in the process of going through and stepping through the KestrelHttpServer code to see if that will offer some insight.
这是我从Kestrel控制台窗口获得的完整错误
This is the full error i get from the Kestrel console window
info:HttpsConnectionFilter 1
无法验证HTTPS连接。 System.IO.IOException:身份验证失败,因为远程方已关闭
传输流。 at
System.Net.Security.SslState.StartReadFrame(Byte [] buffer,Int32
readBytes,AsyncProtocolRequest asyncRequest)
System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest
) asyncRequest)
---抛出异常的前一个位置的堆栈跟踪结束---
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()at
System.Net.Security。
System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult
结果)在
System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult $)的SslState.InternalEndProcessAuthentication(LazyAsyncResult
lazyResult) b $ b asyncResult)
System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult
2 endFunction,Action
iar,Func1 endAction,Task
1 promise,Boolean
requiresSynchronization)
---从抛出异常的上一个位置开始的堆栈跟踪结束--- at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)at
Microsoft.AspNetCore.Server.Kestrel。 Https.HttpsConnectionFilter.d__6.MoveNext()
info: HttpsConnectionFilter1 Failed to authenticate HTTPS connection. System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) at System.Threading.Tasks.TaskFactory
1.FromAsyncCoreLogic(IAsyncResult iar, Func
2 endFunction, Action1 endAction, Task
1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__6.MoveNext()
推荐答案
我遇到了同样的问题。经过几个小时检查所有可能的事情,甚至是一些不可能的事情,我设法将其追溯到错误生成的SSL证书。
I had the same problem. After many hours of checking everything possible and even some impossible stuff, I managed to trace it back to wrongly generated SSL certificate.
我根据本手册创建了我的:< a href =https://msdn.microsoft.com/en-us/library/ff699202.aspx =nofollow noreferrer>如何:创建自己的测试证书。
I was creating mine according to this manual: How to: Create Your Own Test Certificate.
使用此命令生成证书:
makecert -sv yourprivatekeyfile.pvk -n "cert name" yourcertfile.cer -r
其中如果 -r $省略了c $ c>,发生了描述错误。
where if -r
is omitted, described error occurs.
然后必须根据手册生成 pfx
。如果只使用 cer
, Kestrel
将无法成功启动。
Then pfx
must be generated according to the manual. If one uses just cer
, Kestrel
will not start successfully.
我通过生成新的SSL证书解决了这个问题。
I solved it by generating a new SSL certificate.
这篇关于从WebApi尝试GET时无法验证HTTPS连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!