.NET客户端连接到SSL的Web API [英] .NET client connecting to ssl Web API

问题描述

我有一个ASP.NET的Web API，我想使用SSL要使用的。目前，该服务器使用自签名的证书，并在这一刻HTTP和HTTPS是允许的。我有一个非常基本的测试客户端，它工作正常的HTTP，但HTTPS不起作用。我想知道如何修改下面，这样它会与https使用客户端code。目前IE，火狐和Chrome都可以连接到Web API使用HTTP和HTTPS（带证书警告），所以这让我相信，我不应该修改任​​何服务器上，只需在客户端code 。这里的客户端code：

I have a ASP.NET Web API which I'd like to use with ssl. Currently the server is using a self-signed cert, and at this moment both http and https are allowed. I have a very basic test client which works fine for http, but does not work for https. I'd like to know how to modify the client code below so that it will work with https. Currently IE, Firefox, and Chrome can all connect to the Web API using both http and https (with cert warnings), so this makes me believe that I should not have to modify anything on the server, just in the client code. Here's the client code:

static void Main(string[] args)
{
    try
    {
        if (args.Length != 1)
        {
            Console.WriteLine("Please provide a url, and only a url.");
            return;
        }

        var url = new Uri(args[0]);
        var urlAuthority = url.GetLeftPart(UriPartial.Authority);
        var urlPathQuery = args[0].Substring(urlAuthority.Length);
        HttpClient client = new HttpClient();
        client.BaseAddress = new Uri(urlAuthority);
        HttpResponseMessage response = client.GetAsync(urlPathQuery).Result;
        if (response.IsSuccessStatusCode)
            Console.WriteLine(response.Content.ReadAsAsync<string>().Result); // expecting scalar results only
        else
            Console.WriteLine("{0} ({1})", (int)response.StatusCode, response.ReasonPhrase);
    }
    catch (Exception ex)
    {
        Exception tempEx = ex;
        while (tempEx != null)
        {
            Console.WriteLine(tempEx.Message);
            tempEx = tempEx.InnerException;
        }
    }
}

当我与我的HTTP URL运行上面的code，它工作正常。当我更改URL为https以下错误打印：

When I run the above code with my http url, it works fine. When I change the url to https the following errors are printed:

One or more errors occurred.
An error occurred while sending the request.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.

我有一个问题是，如果客户端必须手动发送公钥到服务器，这样它知道如何发送回一个加密的响应，或者如果这是自动发生在幕后？第二，现在看到的最后一个错误我想知道如果以后我也要做客户端内的别的东西忽略证书警告，只是相信这个证书是确定与继续？

One question I have is if the client must manually send a public key to the server so it knows how to send back an encrypted response, or if this happens automatically behind the scenes? And second, now after seeing the last error I'm wondering if I also have to do something else within the client to ignore cert warnings and just trust that this cert is OK to proceed with?

推荐答案

看一看的 C＃忽略证书错误 SO问题。我相信你可以使用ServicePointManager绕过证书验证添加证书验证处理程序。或许，这将是您的生产环境中使用签名的证书，虽然是个好主意。

Take a look at the C# Ignore certificate errors SO question. I believe you can add a certificate validation handler using ServicePointManager to circumvent certificate validation. It would probably be a good idea to use a signed certificate within your production environment though.

ServicePointManager
    .ServerCertificateValidationCallback += 
    (sender, cert, chain, sslPolicyErrors) => true;

这篇关于.NET客户端连接到SSL的Web API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！