对 SSPI 的调用失败,请参阅内部异常 - 无法联系本地安全机构
A call to SSPI failed, see inner exception - The Local Security Authority cannot be contacted
我有一个 WPF 应用程序,它使用 SSLStream 连接到服务器和 send/receive 一些消息。我的代码主要基于此示例 (SslTcpClient):https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx.
几个月来效果很好。但是,在获得此 windows 更新后(Windows 10 版本 1511 和 Windows Server 2016 技术预览版 4 的累积更新:2016 年 6 月 14 日 - https://support.microsoft.com/en-us/kb/3163018)。我的应用程序开始报告此异常:
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The Local Security Authority cannot be contacted
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at MyAPP.Core.Services.Network.Impl.SslTcpClient.ClientSideHandshake()
at MyAPP.Core.Services.Network.Impl.SslTcpClient.Connect()
at MyAPP.Core.Services.Impl.MessageService.SendMessage(String message)
我能做什么?
这是解决方案,在注册表中设置:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200
如前所述here
这意味着对方正在使用另一个版本的 TLS 而你使用的是旧版本。
在建立连接之前将安全属性设置为 TLS12。
这是一个广为人知的问题,因为许多提供商开始使用 TLS12(例如 paypal、amazon 等)。
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
如果您使用的是 SslStream,则需要在 AuthenticateAsClient 调用中明确设置 TLS 版本,例如:
ssl.AuthenticateAsClient(url, null, SslProtocols.Tls12, false);
尝试将 servicePrincipalName 添加到您的客户端 App.config 文件
<client>
<endpoint ............................
<identity>
<servicePrincipalName/>
</identity>
</endpoint>
</client>
我在使用 C# 使用 Oracle.ManagedDataAccess.dll、
连接到 Oracle 数据库时遇到了这个异常
"Oracle.ManagedDataAccess.Client.OracleException (0x80004005): Oracle Cannot connect to Server or cannot parse connection string ---> OracleInternal.Network.NetworkException (0x80004005): Oracle : Oracle Cannot connect to Server or cannot parse connection string ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: No credentials are available in the security package\r\n --- End of inner exception stack trace ---\r\n at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)\r\n at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)\r\n at ............
经过很长时间的查找和尝试,终于我发现 有效,添加 settings 部分并在 app.config 中设置 name="SQLNET.AUTHENTICATION_SERVICES" value="":
<oracle.manageddataaccess.client>
<version number="*">
<dataSources>
<dataSource alias="SampleDataSource" descriptor="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ORCL))) "/>
</dataSources>
<settings>
<setting name="SQLNET.AUTHENTICATION_SERVICES" value=""/>
</settings>
</version>
</oracle.manageddataaccess.client>
参考上面回答中的link,你可以更进一步,设置:
SQLNET.AUTHENTICATION_SERVICES= ()
在 sqlnet.ora 的 Oracle Client 文件夹中也可以。
我有一个 WPF 应用程序,它使用 SSLStream 连接到服务器和 send/receive 一些消息。我的代码主要基于此示例 (SslTcpClient):https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx.
几个月来效果很好。但是,在获得此 windows 更新后(Windows 10 版本 1511 和 Windows Server 2016 技术预览版 4 的累积更新:2016 年 6 月 14 日 - https://support.microsoft.com/en-us/kb/3163018)。我的应用程序开始报告此异常:
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The Local Security Authority cannot be contacted
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at MyAPP.Core.Services.Network.Impl.SslTcpClient.ClientSideHandshake()
at MyAPP.Core.Services.Network.Impl.SslTcpClient.Connect()
at MyAPP.Core.Services.Impl.MessageService.SendMessage(String message)
我能做什么?
这是解决方案,在注册表中设置:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200
如前所述here
这意味着对方正在使用另一个版本的 TLS 而你使用的是旧版本。
在建立连接之前将安全属性设置为 TLS12。
这是一个广为人知的问题,因为许多提供商开始使用 TLS12(例如 paypal、amazon 等)。
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
如果您使用的是 SslStream,则需要在 AuthenticateAsClient 调用中明确设置 TLS 版本,例如:
ssl.AuthenticateAsClient(url, null, SslProtocols.Tls12, false);
尝试将 servicePrincipalName 添加到您的客户端 App.config 文件
<client>
<endpoint ............................
<identity>
<servicePrincipalName/>
</identity>
</endpoint>
</client>
我在使用 C# 使用 Oracle.ManagedDataAccess.dll、
Oracle 数据库时遇到了这个异常
"Oracle.ManagedDataAccess.Client.OracleException (0x80004005): Oracle Cannot connect to Server or cannot parse connection string ---> OracleInternal.Network.NetworkException (0x80004005): Oracle : Oracle Cannot connect to Server or cannot parse connection string ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: No credentials are available in the security package\r\n --- End of inner exception stack trace ---\r\n at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)\r\n at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)\r\n at ............
经过很长时间的查找和尝试,终于我发现 settings 部分并在 app.config 中设置 name="SQLNET.AUTHENTICATION_SERVICES" value="":
<oracle.manageddataaccess.client>
<version number="*">
<dataSources>
<dataSource alias="SampleDataSource" descriptor="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ORCL))) "/>
</dataSources>
<settings>
<setting name="SQLNET.AUTHENTICATION_SERVICES" value=""/>
</settings>
</version>
</oracle.manageddataaccess.client>
参考上面回答中的link,你可以更进一步,设置:
SQLNET.AUTHENTICATION_SERVICES= ()
在 sqlnet.ora 的 Oracle Client 文件夹中也可以。