security - .NET 4.0 client certificate validation error -

-

I have the following code 

  on factory = new ChannelFactory & LT; InewsClient & gt; (); Factory Credential Client Certificate Certificate = GetCertificate (); Factory Endpoint Address = new endpoint ("https://blabla.com/myservice/"); Var Binding = New Basic HTBiding (Basic HTPCEERMD.transport); Binding. Security. Transportation Client Credential Type = HTTP Client Credential Type certificate; Factory.indpoint Binding = bond; Var channel = factory. Cutlet (); Channel.GetNews ();   
 It works in .NET 3.5, but not in .NET4.0. Bizarre huh? The certificate I'm using is not valid on the local machine (no series). In 3.5, the validity of the client certificate is irrelevant to SSL installation, but when migrating to 4.0, the certificate is valid before using it for SSL (I can see the errors in the CAPI2 event log). Resulting in an ugly SecurityNegotiationException ...  
 Stack trace:  
 System.ServiceModel.Security.SecurityNegotiationException: Safe with rights' pep.uat.dialectpayments SSL / TLS The channel could not be installed .com '. --- & gt; System.Net.WebException: The request was canceled: SSL / TLS secure channel can not be made System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply timed System.Net.HttpWebRequest.GetResponse () (TimeSpan on ) --- at the inner exception stack trace --- end server stack trace: at System.ServiceModel.Channels.RequestChannel.Request on System.ServiceModel.Channels (message, Taimspen timeout). System Processor Module Channel. HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply (Taimspen timeout) .HttpChannelUtilities.ProcessGetResponseWebException (WebException webException, HttpWebRequest request, HttpAbortReason abortReason) finished System.ServiceModel.Dispatcher.RequestChannelBinder.Request (message, time TimeSpan on) System.ServiceModel.Channels .ServiceChannel.Call on (String Action, Boolean Oneway, ProxyOperationRuntime Operation, Object [] These, [] Exclusions, TimeSpan Timeout Object System). ServiceModel.Channel. ServiceCranel Proxy Invoksewa (Aimut column message Vidhicol, Proksiopreshnrentimenn operation) restore .ServiceModel.Channels.ServiceChannelProxy.Invoke (IMessage message) exception [0] on the system: the system. time. Remoting. Proxies Real Proxy Handle on ReutersNews Message System (IMs ReConz, IMess's RatMG) From time to time. Approval. Proxies Real Proxy Private Invok (in MessageData & amp; msgData, Int32 type) at ConsoleApplication2kProgramkINewsClientkGet () on ConsoleApplication2.Program.Main (String [] args) D: \ Dev \ ConsoleApplication2 \ Program.cs: line 44  
 In our security architecture, certs are valid against a LDAP directory on the server, so there is no need to know the whole range of the client.  
 The question is, how can I disable this new behavior?   
 
 
 OK, I will provide my own answer here ...  
 In essence: It seems that you can not use a non-permanent CSP with .NET 4 for X509. To wit. . (Ie non-consecutive)  
  var certificate = new X509Certificate2 (: its CSP a KeyContainerName it must be to work  
 I GetCertificate (was the) method @ "C: \ public.cer"); Var rsa = RSA.Create (); Rsa.FromXmlString ("& lt; RSakeyValue & gt; ...... & lt; / RSakeyValue & gt;"); certificate. Privatized = RSA; Return certificate;   
 Changing it takes my sample work to 3.5 and 4.0: (Setting KeyContainerName will create a physical entry in your crypto folders)  
  var Certificate = new X509Certificate2 (@ "C: \ public.cer"); CSPParameters parameter = new CSPParameters {KeyContainerName = "KeyContainer"}; Var RSA = New RSACRPPS service provider (parameter); Rsa.FromXmlString ("& lt; RSakeyValue & gt; ...... & lt; / RSakeyValue & gt;"); certificate. Privatized = RSA; Return certificate; For simplicity, I was trying to export the private key in .pfx file, but could not use the first approach in .NET 4.0, but could use .NET 3.5. Somwhow, private key is not exportable in .NET 4.0. It helped me fix it.  
 However, it would be good to know what has changed between 3.5 and 4.0.

Comments

Post a Comment

Popular posts from this blog

mysql - BLOB/TEXT column 'value' used in key specification without a key length -

-
I have developed an extension which works up to 1.6 on Magren (I'm trying Enterprise Edition, And I think the community is the same problem, because it is the same code). In my install script, I see the $ installer-> gt; CreateEntityTables ($ this- & gt; getTable ('alphanum / info')); The installation is done until it is not in the _text unit table. It crashed there! It turns out that when I log in to SQL and run it via PHPmyadmin, then this error is: Blob / Text column 'value' is used without the key 'key' . I saw the code there, and this is what is trying to create an index on the value column: -> addIndex ($ this- & gt; getIdxName ($ eavTableName, array ( 'attribute_id array (' attribute_id ',' value ')) - & gt; addIndex ($ this- & gt; getIdxName ($ eavTableName, array (' entity_type_id ' , 'Value')), array ('entity_type_id', 'value')) If there is no if statement is n...
Read more

c# - Using Vici cool Storage with monodroid -

-
Oh, for the moment I am not sure how it is officially supported, but for the success of the people Using Monodroid Vic Cool Storage I am able to leave and compile assemblies in my project, but while trying to use some classes, the errors of time have to be gathered. Especially when trying to connect like the example for Mono Touch string dbName = path. Cobain (environment. Gatefolder path (environment specialfolder personal), "mydb.db3"); // The following line will be called coolestation, where is the database, // to make it if it does not exist, and call a delegate that creates the necessary tables (only when the database file was newly created //) CSConfig.SetDB (DbName, true, () => {CSDatabase.ExecuteNonQuery ("Subscriber Integer Primary Key Attribute, Name Text (50) No, Number, Date First Text (30)");); There is no difference when I try to use the methods of CSConfig and when I cscfif If I try to pass 3 aggregates to STDB (3) then I get the invalid ...
Read more

python - referencing a variable in another function? -

-
I am an experienced TCL developer and write my own processes to help myself. I call it a proc i callVar, print out the value of the variable in a certain format, so I know that it is variable and what is the value "set foo 1; putVar foo" result 'foo = "1" I want to do the same thing in Python, but I can not find the answer :( In TCL I use the up command because when I pass the name of the variable, then I can see the value at the top. . I understand that an advanced light in the dragon There is no mechanism of r, but with its introspection capability, I would think that this is something trivial, but I am not getting the answer anywhere. It seems that this should work: and expanded: def foo (): y = "Hello World" printwor ("y") foo () y = "Hello World " You can, but you should not do so if your code is correct If is needed , then there is something wrong with your design, and you should probably use the dictionar...
Read more