两次调用WebService将导致403 Forbidden异常 [英] Call WebService twice will result in a 403 Forbidden exception

问题描述

大家好

我想通过WCF(2waySSL)使用Apache WebService.第一次呼叫运行没有问题.然后，第二呼叫导致通信异常"403禁止".

I want to consume an Apache WebService over WCF (2waySSL). The first call runs without a problem. Then the second call result in a communication exception "403 Forbidden".

这是我的代码:

ParcelServicePortTypeClient.CacheSetting = CacheSetting.AlwaysOff;
ParcelServicePortTypeClient client = new ParcelServicePortTypeClient();

// turn off KeepAlive
var customBinding = new CustomBinding(client.Endpoint.Binding);
var transportElement = customBinding.Elements.Find<HttpTransportBindingElement>();
transportElement.KeepAliveEnabled = false;
client.Endpoint.Binding = customBinding;
try
{
var getParcelIndexType = new GetParcelIndexType();
//... prepare request
client.Open();
var response = client.GetParcelIndex(getParcelIndexType);
client.Close();
}
catch (CommunicationException ex)
{
client.Abort();
}
catch (TimeoutException ex)
{
client.Abort();
}
catch (Exception exp)
{
client.Abort();
}

这是app.config:

This is the app.config:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <system.serviceModel>
            <behaviors>
                <endpointBehaviors>
                    <behavior name="ClientCredentialsBehavior">
                       <clientCredentials>
                            <clientCertificate findValue="4573381d56666103962fb3cc64db8786af2b2cb2"
                                storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
                        </clientCredentials>
                    </behavior>
                </endpointBehaviors>
            </behaviors>
            <bindings>
                <basicHttpBinding>
                    <binding name="Servicename WebserviceSoap" closeTimeout="00:50:00" openTimeout="10:50:00"
                        receiveTimeout="10:50:00" sendTimeout="20:50:00" allowCookies="true"
                        bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferPoolSize="524288"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                            maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
                        <security mode="Transport">
                            <transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
                            <message clientCredentialType="Certificate" algorithmSuite="Default" />
                        </security>
                    </binding>
                </basicHttpBinding>  
            </bindings>
            <client>
                <endpoint address="https://test.Servicename.ch/GbixService/"
                    behaviorConfiguration="ClientCredentialsBehavior" binding="basicHttpBinding"
                    bindingConfiguration="Servicename WebserviceSoap" contract="ServicenameWs.ParcelServicePortType"
                    name="Servicename WebserviceSoap">
                </endpoint>
            </client> 
        </system.serviceModel>
    </configuration>

在跟踪文件中，我可以看到以下有趣的行:

In the trace file I can see following interesting rows:

          [3036] Decrypt hat SEC_I_RENEGOTIATE zurückgegeben
          ...
          First call to service
          [0896] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
          ...
          Second call to Service
          [3036] Using the cached credential handle.
          ...
          On the end I get this error
          [3036] Ausnahme in HttpWebRequest#35214224::GetResponse - Der Remoteserver hat einen Fehler zurückgegeben: (403) Forbidden..

当我使用Fiddler检查呼叫时，我可以看到第二个请求具有会话ID

When I inspect the call with Fiddler I can see that the second request has a session id

          Version: 3.1 (TLS/1.0)
          Random: 53 2B 0C 22 C8 7C 57 41 CC 6B A2 D3 F8 CE 0C 46 7E 71 9F EF AE 4D CD 2B AB 81 19 E2 8F A6 C6 C9
          SessionID: 77 B8 18 29 36 A0 DD 40 0A 04 C5 2F BF 35 CF 5E 18 A6 30 4B 67 DE BC 74 8A 28 36 9E 7F 50 ED 7E
          Extensions: 
              renegotiation_info 00
              server_name test.Servicename.ch
              elliptic_curves secp256r1 [0x17], secp384r1 [0x18]
              ec_point_formats uncompressed [0x0]
              SessionTicket empty

当我将KeepAlive属性设置为true时，问题发生在20次调用之后(最大)或超时之后.如果我重新启动应用程序，它将重新从头开始...

When I set the KeepAlive property to true then the problem occurs after 20 calls (max) or after the timeout. If I restart my application, it starts again from the beginning...

我认为缓存会话存在问题，该会话未正确关闭并且在服务器上不再有效.但是我找不到会话被缓存的位置.如何打开一个全新的会话?

I think I have a problem with a cached session which is not properly closed and no longer valid on the server. But I can't find the place in which the session is cached. How can I open a completely new session?

感谢您的帮助...
马丁

Thanks for you help...
Martin

推荐答案

我发现当我设置"ClientCacheTime"时，在"HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL"下的注册表中；在该时间之后会话将关闭，并且第二个呼叫现在可以正常运行.

->但是如何设置此"ClientCacheTime"?在C#(代码/配置)中?

这篇关于两次调用WebService将导致403 Forbidden异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！