问题描述
我正在使用 ASP.NET Core.我有两个项目:
I am using ASP.NET Core. I have two projects:
- ASP.NET Core MVC 应用程序
- ASP.NET Core Web API 应用程序
如果我尝试使用 Postman 访问 Web API 端点之一,我没有任何问题;/api/values 端点按预期返回.(这是标准测试端点.)
If I attempt to access one of the Web API endpoints using Postman, I do not have any issues; the /api/values endpoint returns as expected. (This is the standard test endpoint.)
但是,如果我尝试使用 MVC 应用程序执行相同的操作,则会收到一个非常令人沮丧的错误:
If I attempt the same operation using the MVC application, however, I get a very frustrating error:
HttpsConnectionFilter[1]
Failed to authenticate HTTPS connection
我正在使用 Kestrel for ASP.NET Core 进行托管.
I am hosting using Kestrel for ASP.NET Core.
我有一个使用 PowerShell 创建的自签名 PFX 证书,这是引发异常的代码:
I have a self-signed PFX certificate I created using PowerShell, and this is the code throwing the exception:
var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls12;
handler.ClientCertificates.Add(new X509Certificate2("localcert.pfx", "xxx"));
var client = new HttpClient(handler);
var content = await client.GetStringAsync("https://localhost:44301/api/values");
如果我要运行这个,我会得到同样的错误:
And I get the same error if I were to run this:
var client = new HttpClient();
var content = await client.GetStringAsync("https://localhost:44301/api/values");
我的 Kestrel 设置在我的 Program.cs 中是这样的:
My Kestrel setup is like so in my Program.cs:
var cert = new X509Certificate2("localcert.pfx", "xxx");
var host = new WebHostBuilder()
.UseKestrel(cfg => cfg.UseHttps(cert))
.UseUrls("https://localhost:44300")
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup<Startup>()
.Build();
host.Run();
我知道我为上面的 HttpClient 再次定义了证书,但我很绝望.
I know I defined the certificate again for the HttpClient above, but I am desperate.
谁能提供一些关于为什么会发生这种情况以及我可以如何修复它甚至调试它的见解?我目前正在逐步执行 KestrelHttpServer 代码,看看是否能提供一些见解.
Can anyone offer some insight as to why this is happening and how I can go about fixing it, or even debugging it? I am currently in the process of stepping through the KestrelHttpServer code to see if that will offer some insight.
这是我从 Kestrel 控制台窗口得到的完整错误:
This is the full error I get from the Kestrel console window:
信息:HttpsConnectionFilter1无法验证 HTTPS 连接.System.IO.IOException:身份验证失败,因为远程方已关闭传输流.在System.Net.Security.SslState.StartReadFrame(字节 [] 缓冲区,Int32readBytes,AsyncProtocolRequest asyncRequest)在System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest异步请求)--- 从先前抛出异常的位置结束堆栈跟踪 --- 在System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 在System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult懒惰的结果)在System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)在System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResultasyncResult) 在System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResultiar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean需要同步)--- 从先前抛出异常的位置结束堆栈跟踪 --- 在System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)在Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__6.MoveNext()
info: HttpsConnectionFilter1 Failed to authenticate HTTPS connection. System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) at System.Threading.Tasks.TaskFactory
1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__6.MoveNext()
推荐答案
我为这个问题找到的最直接的解决方案是删除证书并添加信任标志.
The most straight forward solution I found for this problem was to remove the cert and add it with the trust flag.
dotnet dev-certs https --clean
dotnet dev-certs https --trust
PS.我知道这已经过时了,但我只是将其留给可能会遇到此问题的人.
PS. I know this is old but I am just going to leave this here for someone that might stumble to this issue.
这篇关于尝试从 WebAPI 获取时无法验证 HTTPS 连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!