Question
I have the following code:

    public GetUserDataResponse GetUserDataFromService(X509Certificate2 certificate)
    {
        ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract> factory = new ChannelFactory<MyApp4SITHSService.IMyApp4SITHSServiceContract>("NetTcpBinding_IMyApp4SITHSServiceContract_Certificate");
        MyApp4SITHSService.IMyApp4SITHSServiceContract service;
        GetUserDataResponse response;

        factory.Credentials.ClientCertificate.Certificate = certificate;
        //factory.Credentials.UserName.UserName = "me";
        //factory.Credentials.UserName.Password = "password";

        service = factory.CreateChannel();

        LogHandler.WriteLine("Connecting to service");
        response = service.GetUserData(new GetUserDataRequest());
        LogHandler.WriteLine("Data received");

        factory.Abort();
        return response;
    }

The first time I run this it works just great; the second time I get the following exception on service.GetUserData:

    A first chance exception of type 'System.ServiceModel.Security.SecurityNegotiationException' occurred in mscorlib.dll
    A call to SSPI failed, see inner exception.
    The Local Security Authority cannot be contacted

I'm using the following configuration:

    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior name="CertificateEndpointBehavior">
            <clientCredentials>
              <!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople"/>-->
              <!--<clientCertificate findValue="MyAppClient" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>-->
              <serviceCertificate>
                <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
      <bindings>
        <netTcpBinding>
          <binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00"
                   receiveTimeout="Infinite" sendTimeout="01:00:00" transactionFlow="false"
                   transferMode="Buffered" transactionProtocol="OleTransactions"
                   hostNameComparisonMode="StrongWildcard" listenBacklog="1000"
                   maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
                   maxConnections="200" maxReceivedMessageSize="2147483647">
            <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                          maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
            <reliableSession ordered="true" inactivityTimeout="Infinite"
                             enabled="false" />
            <security mode="Transport">
              <transport clientCredentialType="Certificate" />
              <message clientCredentialType="Certificate" />
            </security>
          </binding>
        </netTcpBinding>
      </bindings>
      <client>
        <endpoint address="net.tcp://localhost:8135/MyApp4SITHSService/Client/sll"
                  behaviorConfiguration="CertificateEndpointBehavior" binding="netTcpBinding"
                  bindingConfiguration="netTcpCertificate" contract="MyApp4SITHSService.IMyApp4SITHSServiceContract"
                  name="NetTcpBinding_IMyApp4SITHSServiceContract_Certificate">
          <identity>
            <dns value="MyAppServer" />
          </identity>
        </endpoint>
      </client>
    </system.serviceModel>

Any idea why I get this problem and how to solve it?

Answer 1:
The server does not have permissions to contact the local machine certificate store to validate the trust of the passed-in certificate.

Answer 2:
The reason is that the certificate may not be validated as trusted. Here are some links; try to see if anything is off. Also post your entire error stack. link one link two
code example

    <behaviors>
      <endpointBehaviors>
        <behavior name="ClientCertificateBehavior">
          <clientCredentials>
            <clientCertificate findValue="www.testclient.eu"
                               storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
            <serviceCertificate>
              <authentication
                  trustedStoreLocation="CurrentUser"
                  certificateValidationMode="PeerTrust"/>
              <defaultCertificate
                  findValue='www.testsvc.eu'
                  storeLocation='CurrentUser'
                  storeName='My'
                  x509FindType='FindBySubjectName' />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

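A diagnostic for the trust failure this answer points at, as an added example that is not part of the original answer: it checks a certificate for a private key and validity period, then builds its chain under the same policy as the question's config (ChainTrust with revocationMode NoCheck) and reports every chain status. The `CertDiagnostics` class, the `Diagnose` method and the self-signed `CN=MyAppClient` certificate are constructed for illustration; `CertificateRequest` assumes .NET Framework 4.7.2 or later, or .NET Core.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not from the original post.
static class CertDiagnostics
{
    // Returns one finding per problem; an empty list means every check passed.
    public static List<string> Diagnose(X509Certificate2 cert)
    {
        var findings = new List<string>();

        // Certificate authentication needs the private key, not just the public certificate.
        if (!cert.HasPrivateKey)
            findings.Add("No private key is associated with the certificate.");

        DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            findings.Add($"Outside validity period ({cert.NotBefore:u} to {cert.NotAfter:u}).");

        using (var chain = new X509Chain())
        {
            // Mirror certificateValidationMode="ChainTrust" revocationMode="NoCheck".
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            if (!chain.Build(cert))
                foreach (X509ChainStatus s in chain.ChainStatus)
                    findings.Add($"{s.Status}: {s.StatusInformation?.Trim()}");
        }
        return findings;
    }

    static void Main()
    {
        // Constructed sample input: a self-signed certificate generated in memory,
        // which is not expected to chain to a trusted root.
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=MyAppClient", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                foreach (string finding in Diagnose(cert))
                    Console.WriteLine(finding);
            }
        }
    }
}
```

Running `Diagnose` under the service's own account on the certificate it actually receives shows whether the chain builds for that identity, which is the check both answers above are concerned with.
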
Answer 3:
Please check the "identity" element in the web.config or App.config file. If the "identity" element is present, then comment it out or delete it. Your problem will be solved.

Source: https://stackoverflow.com/questions/21336378/a-call-to-sspi-failed-see-inner-exception-when-running-the-call-a-second-time