WCF in asp.net core 2.0 - Could not establish trust relationship for the SSL/TLS secure channel with authority

问题

Previously I had an application targeting framework 4.5.1 and used Web Reference to add a WCF service. This works perfectly and was able to authenticate successfully with the server.

old code:

ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

IService orderService = new Service();

// private method to load certificate
var cert = LoadCertificate(@"....\00050._.1.p12", "pwd");

oIPGApiOrderService.ClientCertificates.Add(cert);

oIPGApiOrderService.Url = @"service_url";

NetworkCredential nc = new NetworkCredential("username", "pwd");
oIPGApiOrderService.Credentials = nc;

Now I'm upgrading to .net core 2.0 and is targeting .net standard 2.0. I've added the service is using service reference (connected service). The generated code has changed which used channel factory etc...

New code:

ServicePointManager.Expect100Continue = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

System.ServiceModel.BasicHttpBinding result = new System.ServiceModel.BasicHttpBinding();
result.MaxBufferSize = int.MaxValue;
result.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
result.MaxReceivedMessageSize = int.MaxValue;
result.AllowCookies = true;
result.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;

IService client = new Service(result, new EndpointAddress("service_url"));

client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"....\00050._.1.p12", "pwd");

client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "pwd";

But new code is not working although certificates loaded successfully. I'm getting an exception:

{System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'xxxxxxx-online.com'. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred

Any help from you guys will be really appreciated. Am I missing something?

回答1:

If you use untrust server certificate (selfsigned for instance) you should use this:

client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
        new X509ServiceCertificateAuthentication()
        {
            CertificateValidationMode = X509CertificateValidationMode.None,
            RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
        };

回答2:

try the following

BasicHttpBinding httpBindingbinding = new  BasicHttpBinding{MaxReceivedMessageSixe=999999};
httpBindingbinding.Security.Mode = BasicHttpSecurityMode.Transport;
httpBindingbinding.Security.Transport = new HttpTransportSecurity{ClientCredentialType=HttpClientCredentialType.Certificate};

above Http setting is equivalent to "System.serviceModel" xml generated in webconfig in .netframework when connecting to WCF

`  <bindings>  
<basicHttpBinding>  
 <binding name="myBindingConfiguration1" maxReceivedMessageSize="999999">
 <security mode="Transport">
<transport clientCredentialType ="Certificate"/>
 </security>
</basicHttpBinding> 
 </binding>`

来源：https://stackoverflow.com/questions/52908503/wcf-in-asp-net-core-2-0-could-not-establish-trust-relationship-for-the-ssl-tls