是否实现通过SSL使用WebServices的C#客户端? [英] Implement a C# Client that uses WebServices over SSL?

问题描述

因此，我在C#控制台应用程序中添加了ServiceReference，该应用程序调用从Oracle公开的Web服务.

So I've got a ServiceReference added to a C# Console Application which calls a Web Service that is exposed from Oracle.

我已经进行了所有设置，并且在不使用SSL(http)时，它的工作方式类似于桃子.我现在尝试使用SSL进行设置，并且在将其添加到服务引用(甚至Web引用)时遇到了问题.例如，当我尝试将服务添加到Visual Studio时，该服务所公开的URL(https)没有返回适当的Web方法.

I've got everything setup and it works like peaches when it's not using SSL (http). I'm trying to set it up using SSL now, and I'm running into issues with adding it to the Service References (or even Web References). For example, the URL (https) that the service is being exposed on, isn't returning the appropriate web methods when I try to add it into Visual Studio.

基础连接已关闭:发送中发生意外错误. 从传输流接收到意外的EOF或0个字节. 元数据包含无法解析的引用:' https://srs204.mywebsite.ca:7776/SomeDirectory/MyWebService?WSDL '

The underlying connection was closed: An unexpected error occurred on a send. Received an unexpected EOF or 0 bytes from the transport stream. Metadata contains a reference that cannot be resolved: 'https://srs204.mywebsite.ca:7776/SomeDirectory/MyWebService?WSDL'

我遇到的另一个难题是关于证书管理和部署.我大约有1000个外部客户端站点，这些站点将需要使用此小实用程序，并且它们将需要在适当的证书存储区中安装证书才能连接到Web服务.不确定采用最佳方法来处理此问题.他们需要在根存储中吗?

Another quandary I've got is in regards to certificate management and deployment. I've got about 1000 external client sites that will need to use this little utility and they'll need the certificate installed in the appropriate cert store in order to connect to the Web Service. Not sure on the best approach to handling this. Do they need to be in the root store?

我已经在网上花了好几个小时来寻找各种选项，但是在任何地方都找不到一个好的答案.

I've spent quite a few hours on the web looking over various options but can't get a good clean answer anywhere.

总而言之，我在这里有几个问题:

To summarize, I've got a couple of questions here:

1)有人在使用SSL的Visual Studio中设置Web服务方面有一些很好的链接吗?

1) Anybody have some good links on setting up Web Services in Visual Studio that use SSL?

2)我应该如何注册证书?它应该在哪家商店中?我可以只使用CertMgr之类的东西进行注册吗?

2) How should I register the certificate? Which store should it exist in? Can I just use something like CertMgr to register it?

无论是什么，都有一本好书/教程/将向我展示在设置此类内容方面的常见良好做法.我似乎找不到了！

There's gotta be a good book/tutorial/whatever that will show me common good practices on setting something like this up. I just can't seem to find it!

推荐答案

好，我已经弄清楚了.我花的时间远远超过我在乎谈论的时间，但是我想分享我的解决方案，因为这是我看到的一个巨大的标准. 哦，我修好了！谢谢！"帖子让每个人都挂在实际发生的事情上.

Well, I've figured this out. It took me far longer than I care to talk about, but I wanted to share my solution since it's a HUGE pet peeve of mine to see the standard. "Oh I fixed it! Thanks!" posts that leave everyone hanging on what actually happened.

所以

根本问题是，默认情况下，Visual Studio 2008使用TLS进行SSL握手，而我尝试连接的基于Oracle/Java的Web服务则使用SSL3.

The root problem was that by default Visual Studio 2008 uses TLS for the SSL handshake and the Oracle/Java based Webservice that I was trying to connect to was using SSL3.

在Visual Studio 2008中使用添加服务引用..."时，您具有

When you use the "Add Service Reference..." in Visual Studio 2008, you have no way to specify that the security protocol for the service point manager should be SSL3.

除非.

您获取一个静态WSDL文档，并使用wsdl.exe生成代理类.

You take a static WSDL document and use wsdl.exe to generate a proxy class.

wsdl /l:CS /protocol:SOAP /namespace:MyNamespace MyWebService.wsdl

然后，您可以使用 C Sharp编译器将该代理类转换为库(.dll)，并将其添加到您的.Net项目参考"中.

Then you can use the C Sharp Compiler to turn that proxy class into a library (.dll) and add it to your .Net projects "References".

csc /t:library /r:System.Web.Services.dll /r:System.Xml.dll MyWebService.cs

这时，您还需要确保在参考"中也包含了System.Web.Services.

At this point you also need to make sure that you've included System.Web.Services in your "References" as well.

现在，您应该可以在代码中没有问题的情况下调用Web服务了.要使其有效，您将需要在实例化服务之前添加一行神奇的代码.

Now you should be able to call your web service without an issue in the code. To make it work you're going to need one magic line of code added before you instantiate the service.

// We're using SSL here and not TLS. Without this line, nothing workie.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

好的，所以我对自己的印象非常深刻，因为在我的开发箱上进行的测试非常棒.然后，我部署到另一个客户端盒，由于权限/权限问题，它无法再次连接.对我来说，这闻起来像证书(无论它们闻起来如何).要解决此问题，我使用certmgr.exe 来将站点的证书注册到本地计算机上的受信任的根".

Okay, so I was feeling pretty impressed with myself as testing was great on my dev box. Then I deployed to another client box and it wouldn't connect again due to a permissions/authority issue. This smelled like certificates to me (whatever they smell like). To resolve this, I used certmgr.exe to register the certificate for the site to the Trusted Root on the Local Machine.

certmgr -add -c "c:\someDir\yourCert.cer" -s -r localMachine root

这使我可以将证书分发到我们的客户站点并为用户自动安装它.对于这样的自动证书注册，我仍然不确定不同版本的Windows将如何安全友好"，但到目前为止效果很好.

This allows me to distribute the certificate to our client sites and install it automatically for the users. I'm still not sure on how "security friendly" the different versions of windows will be in regards to automated certificate registrations like this one, but it's worked great so far.

希望此答案对某些人有所帮助.还要感谢blowdart在这方面的所有帮助，并提供一些见识.

Hope this answer helps some folks. Thanks to blowdart too for all of your help on this one and providing some insight.

这篇关于是否实现通过SSL使用WebServices的C#客户端?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！