Question
I have uploaded a client certificate to Azure and am trying to make a post to an API method with this certificate. My code works when I am debugging on my local computer, but it fails when I run it on Azure as an App Service.
```
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at System.Net.Http.WinHttpHandler.<StartRequest>d__105.MoveNext()
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at System.Net.Http.HttpClient.d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Bandytabeller.Controllers.swishController.d__3.MoveNext() in D:\ASP-hemsidor\NetCoreApplications\Bandytabeller\Bandytabeller\Api\swishController.cs:line 102
```
```csharp
// Namespaces used by this action (SwishPaymentRequest and logger are not shown here)
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;

[HttpGet("{id}")]
public async Task<IActionResult> pay(string id = "", string amount = "")
{
    // Get the user agent
    string userAgent = Request.Headers["User-Agent"].ToString();

    // Create the payment request
    SwishPaymentRequest post = new SwishPaymentRequest();
    post.payeePaymentReference = id.ToString();
    post.callbackUrl = "https://www.quiz-walk.se/";
    post.payeeAlias = "1231181189";
    post.amount = amount;
    post.currency = "SEK";
    post.message = "Faktura " + id.ToString();

    // Create the http content
    HttpContent data = new StringContent(JsonConvert.SerializeObject(post), Encoding.UTF8, "application/json");

    // Create variables
    X509Store certStore = null;
    HttpClientHandler handler = null;
    HttpClient client = null;
    string token = "";

    try
    {
        // Create a request handler
        handler = new HttpClientHandler();
        handler.ClientCertificateOptions = ClientCertificateOption.Manual;
        handler.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
        handler.AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;

        // Open certificate from certificate store
        certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        certStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
        X509Certificate2Collection certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, "800CDE7BC219D53812FC164DFF0FE73DF8A8D7B6", false);
        if (certCollection.Count > 0)
        {
            handler.ClientCertificates.Add(certCollection[0]);
        }

        // Disable ssl validation
        handler.ServerCertificateCustomValidationCallback += (message, xcert, chain, errors) => true;
        //handler.ClientCertificates.Add(cert);

        // Create the http client
        client = new HttpClient(handler, false);

        // Post the payment request
        //Task<HttpResponseMessage> task = Task.Run(() => client.PostAsync("https://mss.swicpc.bankgirot.se/swish-cpcapi/api/v1/paymentrequests/", data));
        HttpResponseMessage task = await client.PostAsync("https://mss.swicpc.bankgirot.se/swish-cpcapi/api/v1/paymentrequests/", data);

        // Wait for the task to finish
        //task.Wait();

        // Make sure that the response is successful
        if (task.StatusCode == System.Net.HttpStatusCode.Created)
        {
            // Get all header values
            IEnumerable<string> headers = task.Headers.GetValues("PaymentRequestToken");

            // Get the token
            foreach (string value in headers)
            {
                token += value;
            }
        }
    }
    catch (Exception ex)
    {
        token += ex.ToString();
        logger.LogWarning(ex.ToString());
    }
    finally
    {
        // Dispose of the store, the handler and the client
        if (certStore != null)
        {
            certStore.Dispose();
        }
        if (handler != null)
        {
            handler.Dispose();
        }
        if (client != null)
        {
            client.Dispose();
        }
    }

    // Create the url
    string url = "http://www.bokforingstips.se";
    if (userAgent.Contains("Windows Phone") == true)
    {
        url = "swish://paymentrequest?token=" + token;
    }
    else if (userAgent.Contains("iPhone") == true || userAgent.Contains("iPad") == true)
    {
        url = "swish://paymentrequest?token=" + token;
    }
    else if (userAgent.Contains("Android") == true)
    {
        url = "intent://paymentrequest?token=" + token + "/#Intent;scheme=swish;package=se.bankgirot.swish;end;";
    }
    else
    {
        return Content(handler.ClientCertificates[0].Issuer + " " + token);
    }

    // Redirect the user to url
    return Redirect(url);

} // End of the pay method
```
I am testing the Swish API and I use ServerCertificateCustomValidationCallback to do my own validation. It works on my local computer but not on Azure. The certificate is loaded; the error occurs on the PostAsync call.
Asp.Net Core 1.1.1
Tested with .NET Framework 4.6.2 on Azure. It does not work; I have enabled System.Net tracing.
```
System.Net Information: 0 : [12712] SecureChannel#3644764 - Certificate is of type X509Certificate2 and contains the private key.
System.Net Information: 0 : [12712] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [12712] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 6801dc65d0:db724b14d0, targetName = mss.swicpc.bankgirot.se, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [12712] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=1638, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::BeginSend()
System.Net.Sockets Verbose: 0 : [23872] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [23872] (printing 1024 out of 1638)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::BeginSend() -> OverlappedAsyncResult#29753716
[...]
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::BeginReceive()
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 15 03 03 00 02 : .....
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#64760428)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::EndReceive() -> Int32#5
System.Net.Sockets Verbose: 0 : [23872] Exiting Socket#66404974::BeginReceive() -> OverlappedAsyncResult#64760428
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::BeginReceive()
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 02 28 : .(
System.Net.Sockets Verbose: 0 : [12712] Socket#66404974::EndReceive(OverlappedAsyncResult#27335310)
System.Net.Sockets Verbose: 0 : [12712] Exiting Socket#66404974::EndReceive() -> Int32#2
System.Net.Sockets Verbose: 0 : [23872] Exiting Socket#66404974::BeginReceive() -> OverlappedAsyncResult#27335310
System.Net Information: 0 : [23872] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 6801dc65d0:db724b14d0, targetName = mss.swicpc.bankgirot.se, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [23872] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [23872] Socket#66404974::Dispose()
System.Net Error: 0 : [23872] Exception in HttpWebRequest#15120020:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [23872] HttpWebRequest#15120020::EndGetRequestStream()
System.Net Error: 0 : [23872] Exception in HttpWebRequest#15120020::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..
```
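Decoding the two short records the server sent back in the trace above shows how the handshake ended. This Python example is added here and is not part of the original post; the function names are hypothetical, and the sample rows are the receive-side dump rows copied from the trace.

```python
import re

# Constructed sample: the two receive-side dump rows from the question's
# System.Net trace (a 5-byte record header, then a 2-byte body).
TRACE = """\
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 15 03 03 00 02 : .....
System.Net.Sockets Verbose: 0 : [12712] Data from Socket#66404974::PostCompletion
System.Net.Sockets Verbose: 0 : [12712] 00000000 : 02 28 : .(
"""

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the RFC 5246 alert descriptions that show up in certificate handshakes.
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 49: "access_denied", 70: "protocol_version"}

# Dump row layout: "<offset> : <hex bytes, '-' after the 8th> : <ascii column>"
DUMP_ROW = re.compile(r"\]\s+[0-9A-F]{8} : ((?:[0-9A-F]{2}[ -])+): ")

def dump_bytes(trace):
    """Concatenate the bytes of every hex dump row in a System.Net.Sockets trace."""
    out = bytearray()
    for line in trace.splitlines():
        m = DUMP_ROW.search(line)
        if m:
            out += bytes.fromhex(m.group(1).replace("-", " "))
    return bytes(out)

def parse_records(data):
    """Split a byte stream into TLS records: (content type, version, payload)."""
    records, i = [], 0
    while i + 5 <= len(data):
        length = int.from_bytes(data[i + 3:i + 5], "big")
        payload = data[i + 5:i + 5 + length]
        if len(payload) < length:
            break  # truncated dump: the trace prints at most 1024 bytes per call
        version = VERSIONS.get(tuple(data[i + 1:i + 3]), "unknown")
        records.append((CONTENT_TYPES.get(data[i], data[i]), version, payload))
        i += 5 + length
    return records

def describe_alerts(trace):
    """Decode plaintext alerts; after key exchange the 2-byte body is encrypted."""
    return [(ver, ALERT_LEVELS.get(p[0], p[0]), ALERTS.get(p[1], p[1]))
            for ctype, ver, p in parse_records(dump_bytes(trace))
            if ctype == "alert" and len(p) == 2]
```

For the rows above, `describe_alerts(TRACE)` reports a fatal `handshake_failure` alert on a TLS 1.2 record, which is the message the client was processing when `InitializeSecurityContext` returned `IllegalMessage`.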
Answer 1:
The ServerCertificateCustomValidationCallback is never called, and I guess that Azure doesn't allow this callback. The root certificate must be trusted.
Source: https://stackoverflow.com/questions/43844088/security-error-post-with-client-certificate-self-signed-root-on-azure-asp-ne