c# - 带有 SSL 证书的 .Net Core 连接服务

Question

我正在尝试向使用 SSL 证书进行通信的 Web 服务端点发出请求。我花了几个小时在谷歌上搜索一个例子，但到目前为止还没有找到什么。

我确实通过直接导航到 wsdl 和 xsd 文件，手动保存它们并将 WCF Web 服务引用提供程序指向基于 this 的包含目录，设法将连接的服务连接到脚手架。解决方案。我还尝试使用 winhttpcertcfg.exe 安装证书，但无法获得成功打开 channel 以直接从 WSDL 生成客户端的工具。

现在我已经生成了客户端，但我不知道如何正确添加证书。这是我目前的代码

 // Get the certificate
                var testCert = new X509Certificate2(System.IO.File.ReadAllBytes("C://SecureCert.PFX"), "##########");

                //Create instance of SOAP client
                HostedCollectionPaymentService.OnlineService_v2_2Client soapClient = new OnlineService_v2_2Client(new BasicHttpsBinding(BasicHttpsSecurityMode.Transport), new EndpointAddress("https://secure.service.endpoint.com/2.2/"));

                // Add the certificate to the client
                soapClient.ClientCredentials.ClientCertificate.Certificate = testCert;

                using (new OperationContextScope(soapClient.InnerChannel))
                {
                    try
                    {
                        var result = await soapClient.startOnlineCollectionAsync(new StartOnlineCollectionRequest
                        {
                            app_id = "12344",
                            tracking_id = "fdsa43531",
                            transaction_amount = 5.00m,
                            transaction_type = TransactionType.Sale
                        });

                        Console.WriteLine(result.startOnlineCollectionResponse.token);
                    }
                    catch (Exception ex)
                    {
                        var f = ex;
                        throw;
                    }
                }

当我尝试连接时，我收到响应“消息 =“无法为具有权限“secure.service.endpoint.com”的 SSL/TLS 安全通道建立信任关系。

我已验证证书有效并且我能够使用 SoapUI 工具集连接到该服务。

我假设我缺少配置或错误地附加了 SSL 证书。如果有人可以提供建议或向我指出适当的文档，我将不胜感激。

Answer 1

想通了。我需要这个额外的配置行。

binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

这是一个示例，供那些询问它包含在何处的人使用。在我的例子中，它用于支付网关服务。

// Get the cert
var myCertificate = await GetMyCertificate(); //X509Cert

// Create a new binding to specify certificate security
var binding = new BasicHttpsBinding()
{
    Name = "basic_ssl_cert"
};

// Specify the credential type
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;


//Create instance of SOAP client
QaPaymentService.PaymentOnlineService_v2_Client soapClient = new QaPaymentService.PaymentOnlineService_v2_Client(binding, new EndpointAddress(onlinePaymentServiceEndpoint));

// Add the certificate to the client
soapClient.ClientCredentials.ClientCertificate.Certificate = myCertificate;


using (new OperationContextScope(soapClient.InnerChannel))
{
    try
    {
        var result = soapClient.completeOnlineCollectionAsync(new QaPaymentService.CompleteOnlineCollectionRequest
        {
            app_id = appId,
            token = token           
        }).GetAwaiter().GetResult();

        return (result.completeOnlineCollectionResponse.tracking_id);
    }
    catch (FaultException<QaPaymentService.PaymentServiceFault> ex)
    {
        // Extract the actuall error from the service fault
        throw new myServiceException(ex.Detail.return_detail, ex)
        {
            ErrorDetail = ex.Detail.return_detail,
            ErrorCode = ex.Detail.return_code
        };                       
    }
    catch (Exception ex)
    {
        logger.LogError($"Error completing transaction from QA my service: {ex.Message}", ex);
        throw ex;
    }
}