经过身份验证的推送通知随机失败(403禁止) [英] Authenticated push notifications failing randomly (403 forbidden)
问题描述
您好,我的问题是关于使用"Microsoft推送通知服务"的经过身份验证的推送通知。 (MPNS)
Hello, my question is regarding to authenticated push notifications using "Microsoft Push Notification Service" (MPNS)
我们已经采取了所有必要的步骤来通过客户端证书设置身份验证,并且它正在运行(有时候)。我们还在ASP.NET,Java和"curl"中测试通知。命令行客户端。出于测试目的
我将说明curl的情况(在所有其他平台/语言中表现完全相同)。只是为了澄清,我们的证书之前已正确上传到我们的开发帐户,Windows Phone应用程序使用证书的Common
名称(CN)来创建推送渠道。
We have taken all the necessary steps for setting the authentication via client certificate and it's working (well, sometimes). We're also testing the notifications in ASP.NET, Java and with the "curl" command line client. For testing purposes
I will illustrate the case of curl (which behaves exactly the same in all the other platforms/languages). Just to clarify, priorly our certificate has been uploaded to our Dev Account properly and the Windows Phone application uses the certificate's Common
Name (CN) in order to create the push channel.
curl --cert P:\cert.pem:PASSWORD -v -H" Content-Type:text / xml" -H"X-WindowsPhone-Target:至
ast" -H"X-NotificationClass:2" -X POST -d"<?xml version ='1.0'coding ='utf-8'?>< wp:Notification xmlns:wp ='WPNotification'>< wp:Toast>< wp: Text1>我的标题< / wp:Text1>< wp:Text2>我的副标题< / wp:Text2>< / wp:Toast>< / wp:Notification>"
https://am3.notify.live.net/unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAA
AQUZm52OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ
curl --cert P:\cert.pem:PASSWORD -v -H "Content-Type:text/xml" -H "X-WindowsPhone-Target:To
ast" -H "X-NotificationClass:2" -X POST -d "<?xml version='1.0' encoding='utf-8'?><wp:Notification xmlns:wp='WPNotification'><wp:Toast><wp:Text1>My title</wp:Text1><wp:Text2>My subtitle</wp:Text2></wp:Toast></wp:Notification>"
https://am3.notify.live.net/unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAA
AQUZm52OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ
通知正确传递,MPNS响应为如下:
The notification is correctly delivered and MPNS responds as follows:
HTTP / 1.1 200 OK
缓存控制:私有
服务器:Microsoft-IIS / 7.5
X-DeviceConnectionStatus:已连接
X-NotificationStatus:已收到
X-SubscriptionStatus:有效
X-MessageID:00000000 -0000-0000-0000-000000000000
ActivityId:da569bb0-9e91-435d-bdc4-713b149d7c9e
X服务器:AM3MPNSM039
X- AspNet版本:4.0.30319
$
X-Powered-By:ASP.NET
日期:星期四,2014年5月22日09:33:01 GMT
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-DeviceConnectionStatus: Connected
X-NotificationStatus: Received
X-SubscriptionStatus: Active
X-MessageID: 00000000-0000-0000-0000-000000000000
ActivityId: da569bb0-9e91-435d-bdc4-713b149d7c9e
X-Server: AM3MPNSM039
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 22 May 2014 09:33:01 GMT
但事实证明,完全相同的命令具有不同的"推送URI"。从具有完全相同应用程序的其他设备导致服务器中的403 Forbidden。
But it turns out that the exact same command with a different "Push URI" from another device with the exact same application results in a 403 Forbidden from the server.
HTTP / 1.1 403禁止使用
服务器Microsoft-IIS / 8.0未列入黑名单
服务器:Microsoft-IIS / 8.0
日期:星期四,2014年5月22日09:38:38 GMT
HTTP/1.1 403 Forbidden
Server Microsoft-IIS/8.0 is not blacklisted
Server: Microsoft-IIS/8.0
Date: Thu, 22 May 2014 09:38:38 GMT
我们非常确定这不是我们的实施问题。如果有人可以使用我们提供的详细信息调试MPNS后端,我们将非常感激。以下是上述错误活动的完整日志:
We're quite sure that it's not an implementation problem of ours. We would be very grateful if someone could debug the MPNS backend with the details that we provide. Here are the full logs of the mentioned erroneous activity:
C:\ Users \ User> curl --cert P:\ cert.pem:PASSWORD -v -H" Content-Type:text / xml" -H"X-WindowsPhone-Target:至
ast" -H"X-NotificationClass:2" -X POST -d"<?xml version ='1.0'coding ='utf-8'
?>< wp:Notification xmlns:wp ='WPNotification'>< wp:Toast>< wp:Text1>我的标题< / wp:Te
xt1>< wp:Text2>我的副标题< / wp:Text2>< / wp:Toast>< / WP:通知>" https://am3.n
otify.live.net/unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAA
AQUZm52OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ
*添加句柄:conn:0x1d587c8
*添加句柄:发送:0
*添加句柄:recv:0
* Curl_addHandleToPipeline:长度:1
* - Conn 0(0x1d587c8)send_pipe:1,recv_pipe:0
*关于connect()到am3.notify.live.net端口443(#0)
* 尝试134.170.65.250 ...
*连接到am3.notify.live.net(134.170.65.250)端口443(#0)
*成功设置证书验证位置:
$
* CAfile:C:\Program Files(x86)\ Git \bin\curl-ca-bundle.crt
CApath:无
* SSLv3,TLS握手,客户端问候(1):
* SSLv3,TLS握手,服务器问候(2):
* SSLv3,TLS握手,CERT(11):
* SSLv3,TLS握手,服务器完成(14):
* SSLv3,TLS握手,客户端密钥交换( 16):
* SSLv3,TLS更改密码,客户端问候(1):
* SSLv3,TLS握手,已完成(20):
* SSLv3,TLS更改密码,客户端问候(1):
* SSLv3,TLS握手,已完成(20):
*使用AES128-SHA进行SSL连接/>
*服务器证书:
* 主题:CN = * .push.live.net
* 开课日期:2013-07-25 17:54:35 GMT
* 到期日期:2015-07-25 17:54:35 GMT
* subjectAltName:am3.notify.live.net匹配
* 发行人:DC = com; DC =微软; DC = CORP; DC =雷德蒙; CN = MSIT机器验证
CA 2
* SSL证书验证确定。
> POST /unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAAAQUZm52
$
OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ HTTP / 1.1
> User-Agent:curl / 7.30.0
>主持人:am3.notify.live.net
>接受:* / *
>内容类型:text / xml
> X-WindowsPhone-Target:Toast
> X-NotificationClass:2
>内容长度:181
>
*上传已完全发送:181个字节中的181个
* SSLv3,TLS握手,Hello请求(0):
* SSLv3,TLS握手,客户问候(1):
* SSLv3,TLS握手,服务器问候(2):
* SSLv3,TLS握手,CERT(11):
* SSLv3,TLS握手,请求CERT(13):
* SSLv3,TLS握手,服务器完成( 14):
* SSLv3,TLS握手,CERT(11):
* SSLv3,TLS握手,客户密钥交换(16):
* SSLv3,TLS握手,CERT验证(15):
* SSLv3,TLS更改密码,客户端问候(1):
* SSLv3,TLS握手,已完成( 20):
* SSLv3,TLS更改密码,客户端问候(1):
* SSLv3,TLS握手,已完成(20):
< HTTP / 1.1 200 OK
<缓存控制:私有
*服务器Microsoft-IIS / 7.5未列入黑名单
<服务器:Microsoft-IIS / 7.5
< X-DeviceConnectionStatus:已连接
< X-NotificationStatus:已收到¥b $ b< X-SubscriptionStatus:有效
< X-MessageID:00000000-0000-0000-0000-000000000000
< ActivityId:da569bb0-9e91-435d-bdc4-713b149d7c9e
< X-Server:AM3MPNSM039
< X-AspNet-Version:4.0.30319
< X-Powered-By:ASP.NET
<日期:星期四,2014年5月22日09:33:01 GMT
< Content-Length:0
$
< b
*连接#0主机am3.notify.live.net保持不变
C:\ Users \ User>
$
$
b $ b C:\ Users \ User> curl --cert P:\ cert.pem:PASSWORD -v -H" Content-Type:text / xml" -H"X-WindowsPhone-Target:至
ast" -H"X-NotificationClass:2" -X POST -d"<?xml version ='1.0'coding ='utf-8'
?>< wp:Notification xmlns:wp ='WPNotification'>< wp:Toast>< wp:Text1>我的标题< / wp:Te
xt1>< wp:Text2>我的副标题< / wp:Text2>< / wp:Toast>< / WP:通知>" HTTPS://s.not
ify.live.net/a/1/db3/HmQAAAAL6rnaG9gFXh9VeLX6wX9FEnc_qIp3VHoVds5bKspnSjcAD1yGQYS
a2Zrh-l4XQ6neDbaO1AKTH5e8Cu7xK7q0 / Ki5lbGV2ZW5wYXRocy5jb20 / z_WezOv9DUCOV9vM1QvcWA
/ YCNL3xsxS6bCPEBEmHGgfZS3NsA
*添加句柄:conn:0x678948
*添加句柄:发送:0
*添加句柄:recv:0
* Curl_addHandleToPipeline:length:1
* - Conn 0(0x678948)send_pipe:1,recv_pipe:0
*关于连接()到s .notify.live.net端口443(#0)
* 试用168.63.29.91 ...
*连接到s.notify.live.net(168.63.29.91)端口443(#0)
*成功设置证书验证位置:
$
* CAfile:C:\Program Files(x86)\ Git \bin\curl-ca-bundle.crt
CApath:无
* SSLv3,TLS握手,客户端问候(1):
* SSLv3,TLS握手,服务器问候(2):
* SSLv3,TLS握手,CERT(11):
* SSLv3,TLS握手,服务器完成(14):
* SSLv3,TLS握手,客户端密钥交换( 16):
* SSLv3,TLS更改密码,客户端问候(1):
* SSLv3,TLS握手,已完成(20):
* SSLv3,TLS更改密码,客户端问候(1):
* SSLv3,TLS握手,已完成(20):
*使用AES128-SHA进行SSL连接/>
*服务器证书:
* 主题:CN = * .push.live.net
* 开课日期:2013-07-25 17:54:35 GMT
* 到期日期:2015-07-25 17:54:35 GMT
* subjectAltName:s.notify.live.net匹配
* 发行人:DC = com; DC =微软; DC = CORP; DC =雷德蒙; CN = MSIT机器验证
CA 2
* SSL证书验证确定。
> POST /一个/ 1 / DB3 / HmQAAAAL6rnaG9gFXh9VeLX6wX9FEnc_qIp3VHoVds5bKspnSjcAD1yGQYSa2Zrh
-l4XQ6neDbaO1AKTH5e8Cu7xK7q0 / Ki5lbGV2ZW5wYXRocy5jb20 / z_WezOv9DUCOV9vM1QvcWA / YCNL
3xsxS6bCPEBEmHGgfZS3NsA HTTP / 1.1
个User-Agent:curl / 7.30.0
>主持人:s.notify.live.net
>接受:* / *
>内容类型:text / xml
> X-WindowsPhone-Target:Toast
> X-NotificationClass:2
>内容长度:181
>
*上传已完全发送:181个字节中的181个
* SSLv3,TLS握手,Hello请求(0):
* SSLv3,TLS握手,客户问候(1):
* SSLv3,TLS握手,服务器问候(2):
* SSLv3,TLS握手,CERT(11):
* SSLv3,TLS握手,请求CERT(13):
* SSLv3,TLS握手,服务器完成( 14):
* SSLv3,TLS握手,CERT(11):
* SSLv3,TLS握手,客户密钥交换(16):
* SSLv3,TLS握手,CERT验证(15):
* SSLv3,TLS更改密码,客户端问候(1):
* SSLv3,TLS握手,已完成( 20):
* SSLv3,TLS更改密码,客户端问候(1):
* SSLv3,TLS握手,已完成(20):
< HTTP / 1.1 403禁止
*服务器Microsoft-IIS / 8.0未列入黑名单
<服务器:Microsoft-IIS / 8.0
<日期:2014年5月22日星期四09:38:38 GMT
< Content-Length:0
$
< b
*连接#0到主机s.notify.live.net保持原样
C:\Users\User>curl --cert P:\cert.pem:PASSWORD -v -H "Content-Type:text/xml" -H "X-WindowsPhone-Target:To
ast" -H "X-NotificationClass:2" -X POST -d "<?xml version='1.0' encoding='utf-8'
?><wp:Notification xmlns:wp='WPNotification'><wp:Toast><wp:Text1>My title</wp:Te
xt1><wp:Text2>My subtitle</wp:Text2></wp:Toast></wp:Notification>" https://am3.n
otify.live.net/unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAA
AQUZm52OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ
* Adding handle: conn: 0x1d587c8
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1d587c8) send_pipe: 1, recv_pipe: 0
* About to connect() to am3.notify.live.net port 443 (#0)
* Trying 134.170.65.250...
* Connected to am3.notify.live.net (134.170.65.250) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=*.push.live.net
* start date: 2013-07-25 17:54:35 GMT
* expire date: 2015-07-25 17:54:35 GMT
* subjectAltName: am3.notify.live.net matched
* issuer: DC=com; DC=microsoft; DC=corp; DC=redmond; CN=MSIT Machine Auth
CA 2
* SSL certificate verify ok.
> POST /unthrottledthirdparty/01.00/AQHIEijj_5zkToYJ2ajW7THtAgAAAAADAQAAAAQUZm52
OkFGMTkyNEQyQkY2RDY4NzIFBkVVTk8wMQ HTTP/1.1
> User-Agent: curl/7.30.0
> Host: am3.notify.live.net
> Accept: */*
> Content-Type:text/xml
> X-WindowsPhone-Target:Toast
> X-NotificationClass:2
> Content-Length: 181
>
* upload completely sent off: 181 out of 181 bytes
* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
< HTTP/1.1 200 OK
< Cache-Control: private
* Server Microsoft-IIS/7.5 is not blacklisted
< Server: Microsoft-IIS/7.5
< X-DeviceConnectionStatus: Connected
< X-NotificationStatus: Received
< X-SubscriptionStatus: Active
< X-MessageID: 00000000-0000-0000-0000-000000000000
< ActivityId: da569bb0-9e91-435d-bdc4-713b149d7c9e
< X-Server: AM3MPNSM039
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Date: Thu, 22 May 2014 09:33:01 GMT
< Content-Length: 0
<
* Connection #0 to host am3.notify.live.net left intact
C:\Users\User>
C:\Users\User>curl --cert P:\cert.pem:PASSWORD -v -H "Content-Type:text/xml" -H "X-WindowsPhone-Target:To
ast" -H "X-NotificationClass:2" -X POST -d "<?xml version='1.0' encoding='utf-8'
?><wp:Notification xmlns:wp='WPNotification'><wp:Toast><wp:Text1>My title</wp:Te
xt1><wp:Text2>My subtitle</wp:Text2></wp:Toast></wp:Notification>" https://s.not
ify.live.net/a/1/db3/HmQAAAAL6rnaG9gFXh9VeLX6wX9FEnc_qIp3VHoVds5bKspnSjcAD1yGQYS
a2Zrh-l4XQ6neDbaO1AKTH5e8Cu7xK7q0/Ki5lbGV2ZW5wYXRocy5jb20/z_WezOv9DUCOV9vM1QvcWA
/YCNL3xsxS6bCPEBEmHGgfZS3NsA
* Adding handle: conn: 0x678948
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x678948) send_pipe: 1, recv_pipe: 0
* About to connect() to s.notify.live.net port 443 (#0)
* Trying 168.63.29.91...
* Connected to s.notify.live.net (168.63.29.91) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=*.push.live.net
* start date: 2013-07-25 17:54:35 GMT
* expire date: 2015-07-25 17:54:35 GMT
* subjectAltName: s.notify.live.net matched
* issuer: DC=com; DC=microsoft; DC=corp; DC=redmond; CN=MSIT Machine Auth
CA 2
* SSL certificate verify ok.
> POST /a/1/db3/HmQAAAAL6rnaG9gFXh9VeLX6wX9FEnc_qIp3VHoVds5bKspnSjcAD1yGQYSa2Zrh
-l4XQ6neDbaO1AKTH5e8Cu7xK7q0/Ki5lbGV2ZW5wYXRocy5jb20/z_WezOv9DUCOV9vM1QvcWA/YCNL
3xsxS6bCPEBEmHGgfZS3NsA HTTP/1.1
> User-Agent: curl/7.30.0
> Host: s.notify.live.net
> Accept: */*
> Content-Type:text/xml
> X-WindowsPhone-Target:Toast
> X-NotificationClass:2
> Content-Length: 181
>
* upload completely sent off: 181 out of 181 bytes
* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
< HTTP/1.1 403 Forbidden
* Server Microsoft-IIS/8.0 is not blacklisted
< Server: Microsoft-IIS/8.0
< Date: Thu, 22 May 2014 09:38:38 GMT
< Content-Length: 0
<
* Connection #0 to host s.notify.live.net left intact
提前谢谢
推荐答案
该IIS 8服务器似乎存在问题给你403(注意另一个标题是说IIS 7.5。
It appears to be an issue with that IIS 8 server that is giving you the 403 (note the other header says IIS 7.5.
你需要创建一个支持事件来进一步调查。 从你的开发人员仪表板打开一个技术支持事件并确保包括您的地区等......
You would need to create a support incident to look into this further. From your Developer Dashboard open a Technical Support incident and be sure to include your region etc...
这篇关于经过身份验证的推送通知随机失败(403禁止)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
