我有一个web服务功能,我已经使用了很多年。今天他们给我发了一个新证书,一个.cer文件,我插入了它而不是旧的,但我收到了这个错误:(谷歌翻译,抱歉(
MessageSecurityException
Failed to complete identity check for outgoing message.
The expected DNS identity of the remote endpoint was 'pddasl-coll.rmmg.rsr.rupar.puglia.it'
but the remote endpoint provided a DNS claim 'pdd-virtasl.rmmg.rsr.rupar.puglia.it'.
If this is a legitimate remote endpoint, you can fix the problem by specifying
explicitly the DNS identity 'pdd-virtasl.rmmg.rsr.rupar.puglia.it'
as the Identity property of EndpointAddress when creating the channel proxy.
我问了网络服务的所有者,他们告诉我必须确保忽略这个错误,但我不知道怎么做。我试图在app.config中插入:enableUnsecuredRespons="真";但没有奏效。
这是连接到web服务的方法:
public static CVPClient Connect()
{
CVPClient oConsist = null;
string cEndPoint = "https://pddasl-coll.rmmg.rsr.rupar.puglia.it:8181/aslba/CVPService";
ServicePointManager.ServerCertificateValidationCallback = Leo.CertificateHandler;
datiOperatore DataOp = Leo.OperatorData();//unimportant parameters
datiApplicativo DataApp = Leo.AppData();//unimportant parameters
var b = new CustomBinding();
var sec = new AsymmetricSecurityBindingElement(
new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.Never),
new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient));
sec.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
sec.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
sec.IncludeTimestamp = true;
sec.SetKeyDerivation(false);
sec.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;
sec.EnableUnsecuredResponse = true;
b.Elements.Add(sec);
b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
b.Elements.Add(new HttpsTransportBindingElement());
EndpointAddress ea = new EndpointAddress(cEndPoint);
oConsist = new CVPClient(b, ea);
X509Certificate2 certSigned = Leo.GetSignedCert();//this returns my private certificate, not the one they replaced me
string cPin = "123456";
System.Security.SecureString SecurePIN = new System.Security.SecureString();
foreach (char ch in cPin)
{ SecurePIN.AppendChar(ch); }
var rsa = (RSACryptoServiceProvider)certSigned.PrivateKey;
string ContinerName = rsa.CspKeyContainerInfo.KeyContainerName;
string CspName = rsa.CspKeyContainerInfo.ProviderName;
int CspType = rsa.CspKeyContainerInfo.ProviderType;
CspParameters csp = new CspParameters(CspType, CspName, ContinerName, new System.Security.AccessControl.CryptoKeySecurity(), SecurePIN);
RSACryptoServiceProvider CSP = new RSACryptoServiceProvider(csp);
X509Certificate2 certUnsigned = Leo.GetUnSignedCertificate();//Here I read the new certificate
oConsist.ClientCredentials.ClientCertificate.Certificate = certSigned;
oConsist.ClientCredentials.ServiceCertificate.DefaultCertificate = certUnsigned;
oConsist.Open();
return oConsist;
}
您也可以在这里看到,我插入了秒。EnableUnsecuredRespons=true;连接是成功的,但正如我之前所说,当我调用web服务时,我会收到错误。我该如何解决这个问题?
更新:由于错误告诉我显式分配DNS标识"pdd-virtasl.rmmg.rsr.rupar.puglia.it"作为EndpointAddress的Identity属性,我替换了以下行:
EndpointAddress ea = new EndpointAddress(cEndPoint);
这个:
DnsEndpointIdentity identity = new DnsEndpointIdentity(cEndPoint);
EndpointAddress ea = new EndpointAddress(new Uri(cEndPoint), identity, new AddressHeaderCollection());
但它不起作用,我得到了相同的错误
正确的解决方案是:
DnsEndpointIdentity identity = new DnsEndpointIdentity("pdd-virtasl.rmmg.rsr.rupar.puglia.it");
EndpointAddress ea = new EndpointAddress(new Uri(cEndPoint), identity, new AddressHeaderCollection());
您必须使用web服务端点,但必须在标识中指定证书中包含的内插件。