无法使用证书通过 Windows 10 1809 中的 com-interop 登录网站
Unable to use a certificate to login to a website via com-interop in Windows 10 1809
下面的C#代码,登录网站,
- 从 Excel 2010 VBA 通过 com-interop 在计算机 A 上调用时工作
- 在计算机 B 上从 C# 控制台应用程序调用时工作,但是
- 从 Excel 2010 VBA 通过 com-interop 在计算机 B 上调用时失败
电脑A和电脑B的主要区别是电脑A有windows10版本1803,而电脑B有windows10版本1809。两台电脑都有Studio 2017,一共在目标 .Net Framework 为 4.6.2 的情况下。
using System;
using System.Runtime.InteropServices;
using System.IO;
[Guid("97E1D9DB-8478-4E56-9D6D-26D8EF13B100")]
[ComVisible(true)]
public interface IToExcel {
string Do();
}
[Guid("BBF87E31-77E2-46B6-8093-1689A144BFC6")]
[ClassInterface(ClassInterfaceType.None)]
[ComVisible(true)]
public class Main : IToExcel {
private const string XAPP_ID = "...";
private const string USERNAME = "...";
private const string PASSWORD = "...";
private const string CERT_FILE = @"...";
private const string CERT_PASSWORD = "...";
private const string WEBSITE = "https:// ...";
public string Do() {
System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(new Uri(WEBSITE));
request.AutomaticDecompression = System.Net.DecompressionMethods.GZip | System.Net.DecompressionMethods.Deflate;
request.Method = "POST";
request.Accept = "application/json";
request.Timeout = request.ReadWriteTimeout = 20000;
request.ContentType = "application/x-www-form-urlencoded";
request.UseDefaultCredentials = true;
request.Proxy = null;
// setup headers
System.Net.WebHeaderCollection whc = new System.Net.WebHeaderCollection {
{ "X-Application", XAPP_ID },
{ System.Net.HttpRequestHeader.AcceptCharset, "utf-8" },
{ System.Net.HttpRequestHeader.AcceptEncoding, "gzip,deflate" }
};
request.Headers.Add(whc);
// setup certificate
System.Security.Cryptography.X509Certificates.X509Certificate2 m_x509certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(CERT_FILE, CERT_PASSWORD);
request.ClientCertificates.Add(m_x509certificate);
// do call
using (Stream stream = request.GetRequestStream()) {
using (StreamWriter writer = new StreamWriter(stream, System.Text.Encoding.Default)) {
writer.Write("username=" + USERNAME + "&password=" + PASSWORD);
}
}
string responseData = string.Empty;
using (System.Net.WebResponse response = request.GetResponse()) {
using (Stream responseStream = response.GetResponseStream()) {
using (StreamReader reader = new StreamReader(responseStream, System.Text.Encoding.UTF8)) {
responseData = reader.ReadToEnd();
}
}
}
return responseData;
}
}
在所有情况下都会返回一个 JSON 对象,其中 JSON 对象有一个名为 "loginStatus" 的字段。当它工作时,"loginStatus"="SUCCESS",但当它失败时"loginStatus"="CERT_AUTH_REQUIRED"。
我尝试查看 System.Net.ServicePointManager 中的所有设置,但在所有情况下设置都是相同的:
- 重用端口:错误
- ServerCertificateValidationCallback:
- DnsRefreshTimeout: 120000
- EnableDnsRoundRobin: 假
- Expect100Continue: True
- 使用 Nagle 算法:正确
- MaxServicePointIdleTime: 100000
- 默认连接限制:2
- 最大服务点:0
- 安全协议:Tls、Tls11、Tls12
- CheckCertificateRevocationList:错误
- 加密策略:需要加密
除此之外,我不知道还要检查什么。从.Net 4.6.2升级到4.7.1没有效果,结果一样。
我想知道这是否是 Windows 1809 中的错误,但由于在 .Net 控制台应用程序中直接调用它时它可以工作,我认为这是一些微妙的配置问题。任何人都可以帮助我从 Excel 2010 年开始在计算机 B 上运行吗?
2019 年 2 月 8 日更新
正如评论中所建议的那样,我使用 Fiddler 检查了对网站进行的 https 调用的结构。成功的两个看起来一模一样,失败的看起来略有不同:
通话正常
- TLS 扩展 ec_point_formats = 未压缩 [0x0]
- 未指定 TLS 扩展 encrypt_then_mac (RFC7366)
- TLS 扩展 renegotiation_info = 0
- 密码TLS_EMPTY_RENEGOTIATION_INFO_SCSV未指定
调用失败
- TLS 扩展 ec_point_formats = 未压缩 [0x0]、ansiX962_compressed_prime [0x1]、ansiX962_compressed_char2 [0x2]
- TLS 扩展 encrypt_then_mac (RFC7366) = 空
- 未指定 TLS 扩展 renegotiation_info
- 密码TLS_EMPTY_RENEGOTIATION_INFO_SCSV指定
但是现在我有了这些信息,我不确定它是否有帮助。也许有效的调用都是由相同的低级代码生成的(尽管它们在 Windows 10 的不同版本上),而失败的调用是由不同的低级代码生成的。
2019 年 2 月 10 日更新
当通过 com-interop 从 Excel 调用时,我让代码在新的 AppDomain 中执行 EXE,而不是直接调用登录代码。当我这样做时,EXE 无法工作并产生与我直接调用登录代码相同的输出。
下面是一些 Visual Studio 输出 window,它显示了当 EXE 文件 运行 时 DLL 的加载顺序,就在登录代码执行之前。成功的场景和失败的场景之间最大的区别是失败的场景从不加载 C:\Windows\System32\ncryptprov.dll。有谁知道是什么导致加载该 DLL?
…
(Win32):已加载 'C:\Windows\System32\msisip.dll'
(Win32):已加载 'C:\Windows\System32\coml2.dll' --- 从 EXCEL
之前加载
(Win32):已加载 'C:\Windows\System32\wshext.dll'
(Win32):已加载 'C:\Windows\System32\AppxSip.dll'
(Win32):已加载 'C:\Windows\System32\tdh.dll'
(Win32):已加载 'C:\Windows\System32\xmllite.dll'
(Win32):已加载 'C:\Windows\System32\OpcServices.dll'
(Win32):已加载 'C:\Windows\System32\mintdh.dll'
(Win32):已加载 'C:\Windows\System32\urlmon.dll' --- 从 EXCEL
之前加载
(Win32):已加载 'C:\Windows\System32\mintdh.dll'
(Win32):已卸载 'C:\Windows\System32\mintdh.dll'
(Win32):已加载 'C:\Windows\System32\iertutil.dll' --- 从 EXCEL
之前加载
(Win32):已加载 'C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll'
(Win32):已加载 'C:\Windows\System32\EsdSip.dll'
(Win32):已加载 'C:\Windows\System32\userenv.dll' --- 从 EXCEL
之前加载
(Win32):已加载 'C:\Windows\System32\dpapi.dll'
(Win32):已加载 'C:\Windows\System32\dnsapi.dll'
(Win32):已加载 'C:\Windows\System32\rasadhlp.dll'
(Win32):已加载 'C:\Windows\System32\FWPUCLNT.DLL'
(Win32):已加载 'C:\Windows\System32\secur32.dll'
(Win32):已加载 'C:\Windows\System32\sspicli.dll' --- 从 EXCEL
开始加载
(Win32):已加载 'C:\Windows\System32\schannel.dll'
(Win32):已加载 'C:\Windows\System32\mskeyprotect.dll'
(Win32):已加载 'C:\Windows\System32\ncrypt.dll'
(Win32):已加载 'C:\Windows\System32\ntasn1.dll'
(Win32):已加载 'C:\Windows\System32\ncryptprov.dll' --- 从未从 EXCEL
加载
(Win32):已加载 'C:\Windows\System32\ncryptsslp.dll'
此时C#代码执行
2019 年 2 月 12 日更新
非常感谢 Simon Mourier 告诉我如何设置 System.Net 诊断。 运行 计算机 B 上的诊断,为这两种情况获得输出的 "System.Net information" 行开始时相同,但最终会有所不同。这是计算机 B 上控制台 EXE 文件的输出(即有效的情况):
System.Net Information: 0 : [35268] Current OS installation type is 'Client'.
System.Net Information: 0 : [35268] RAS supported: True
System.Net Information: 0 : [35268] Associating HttpWebRequest#21454193 with ServicePoint#34640832
System.Net Information: 0 : [35268] Associating Connection#43332040 with HttpWebRequest#21454193
System.Net Information: 0 : [35268] Connection#43332040 - Created connection from XXX.XXX.XXX.XXX:53002 to YYY.YYY.YYY.YYY:443.
System.Net Information: 0 : [35268] TlsStream#54444047::.ctor(host=<TargetWebSite>, #certs=1, checkCertificateRevocationList=False, sslProtocols=Tls12)
System.Net Information: 0 : [35268] Associating HttpWebRequest#21454193 with ConnectStream#20234383
System.Net Information: 0 : [35268] HttpWebRequest#21454193 - Request: POST /api/certlogin HTTP/1.1
System.Net Information: 0 : [35268] ConnectStream#20234383 - Sending headers
System.Net Information: 0 : [35268] SecureChannel#47891719::.ctor(hostname=<TargetWebSite>, #clientCertificates=1, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [35268] Enumerating security packages:
System.Net Information: 0 : [35268] Negotiate
System.Net Information: 0 : [35268] NegoExtender
System.Net Information: 0 : [35268] Kerberos
System.Net Information: 0 : [35268] NTLM
System.Net Information: 0 : [35268] TSSSP
System.Net Information: 0 : [35268] pku2u
System.Net Information: 0 : [35268] CloudAP
System.Net Information: 0 : [35268] WDigest
System.Net Information: 0 : [35268] Schannel
System.Net Information: 0 : [35268] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [35268] Default TLS SSP
System.Net Information: 0 : [35268] CREDSSP
System.Net Information: 0 : [35268] SecureChannel#47891719 - Attempting to restart the session using the user-provided certificate: [Version]
System.Net Information: 0 : [35268] SecureChannel#47891719 - Left with 1 client certificates to choose from.
System.Net Information: 0 : [35268] SecureChannel#47891719 - Trying to find a matching certificate in the certificate store.
System.Net Information: 0 : [35268] SecureChannel#47891719 - Locating the private key for the certificate: [Version]
System.Net Information: 0 : [35268] SecureChannel#47891719 - Certificate is of type X509Certificate2 and contains the private key.
System.Net Information: 0 : [35268] SecureChannel#47891719::.AcquireClientCredentials, new SecureCredential() (flags=(ValidateManual, NoDefaultCred, SendAuxRecord, UseStrongCrypto), m_ProtocolFlags=(Tls12Client), m_EncryptionPolicy=RequireEncryption)
System.Net Information: 0 : [35268] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [35268] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [35268] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=184, returned code=ContinueNeeded).
System.Net Information: 0 : [35268] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 227c85a89b0:2449d0deff0, targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [35268] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=CredentialsNeeded).
但是,当 运行从 Excel 2010 年通过 com-interop 时,不是最后 4 行 InitializeSecurityContext 行,而是 6 行 InitializeSecurityContext 行,如下所示:
System.Net Information: 0 : [39988] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [39988] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=184, returned code=ContinueNeeded).
System.Net Information: 0 : [39988] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 8a8e2f0:2449d0def90, targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [39988] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
System.Net Information: 0 : [39988] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 8a8e2f0:2449d0def90, targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [39988] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
前两个 InitializeSecurityContext 行是相同的,因此大概关键的区别在于第三个 InitializeSecurityContext 行,其中控制台 EXE
上下文 = 227c85a89b0:2449d0deff0
但是失败的 运行 通过 com-interop executino
上下文 = 8a8e2f0:2449d0def90
在那之后,事情看起来并不像人们预期的那样。有谁知道这种差异意味着什么,以及如何消除这种差异,以便 com-interop 执行的行为方式与 com-interop 执行相同?
2019 年 2 月 13 日更新
我在 an MSDN forum 上发布了更多诊断输出。
关注 C# 控制台与 Excel 2010 年问题(同一台机器,运行 作为 64 位进程),已添加跟踪,如下所述:
Excel 和控制台的初始跟踪完全相同(有关详细信息,请参阅问题)。但最后的痕迹(发布到 MSDN)展示了这一点:
控制台:
System.Net Information: 0 : [35268] Remote certificate: [Version] V3
[ Lots of lines describing a certificate with [Subject]=<TargetWebSite>, [Issuer]=HydrantID SSL ICA G2, etc]
System.Net Information: 0 : [35268] SecureChannel#47891719 - Remote certificate was verified as valid by the user.
Excel:
System.Net Information: 0 : [39988] Remote certificate: [Version] V3
[ Lots of lines describing a certificate with [Subject]=<TargetWebSite>, [Issuer]=Kaspersky, etc]
System.Net Information: 0 : [39988] SecureChannel#2383799 - Remote certificate was verified as valid by the user.
显示Excel中使用的证书现在是卡巴斯基颁发的,原来是PC端的杀毒产品运行。事实上,它是卡巴斯基产品的安全功能,例如 intercept communications, and this causes numerous issues, like KIS Interfering with Git。
删除此防病毒软件后,一切正常。
下面的C#代码,登录网站,
- 从 Excel 2010 VBA 通过 com-interop 在计算机 A 上调用时工作
- 在计算机 B 上从 C# 控制台应用程序调用时工作,但是
- 从 Excel 2010 VBA 通过 com-interop 在计算机 B 上调用时失败
电脑A和电脑B的主要区别是电脑A有windows10版本1803,而电脑B有windows10版本1809。两台电脑都有Studio 2017,一共在目标 .Net Framework 为 4.6.2 的情况下。
using System;
using System.Runtime.InteropServices;
using System.IO;
[Guid("97E1D9DB-8478-4E56-9D6D-26D8EF13B100")]
[ComVisible(true)]
public interface IToExcel {
string Do();
}
[Guid("BBF87E31-77E2-46B6-8093-1689A144BFC6")]
[ClassInterface(ClassInterfaceType.None)]
[ComVisible(true)]
public class Main : IToExcel {
private const string XAPP_ID = "...";
private const string USERNAME = "...";
private const string PASSWORD = "...";
private const string CERT_FILE = @"...";
private const string CERT_PASSWORD = "...";
private const string WEBSITE = "https:// ...";
public string Do() {
System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(new Uri(WEBSITE));
request.AutomaticDecompression = System.Net.DecompressionMethods.GZip | System.Net.DecompressionMethods.Deflate;
request.Method = "POST";
request.Accept = "application/json";
request.Timeout = request.ReadWriteTimeout = 20000;
request.ContentType = "application/x-www-form-urlencoded";
request.UseDefaultCredentials = true;
request.Proxy = null;
// setup headers
System.Net.WebHeaderCollection whc = new System.Net.WebHeaderCollection {
{ "X-Application", XAPP_ID },
{ System.Net.HttpRequestHeader.AcceptCharset, "utf-8" },
{ System.Net.HttpRequestHeader.AcceptEncoding, "gzip,deflate" }
};
request.Headers.Add(whc);
// setup certificate
System.Security.Cryptography.X509Certificates.X509Certificate2 m_x509certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(CERT_FILE, CERT_PASSWORD);
request.ClientCertificates.Add(m_x509certificate);
// do call
using (Stream stream = request.GetRequestStream()) {
using (StreamWriter writer = new StreamWriter(stream, System.Text.Encoding.Default)) {
writer.Write("username=" + USERNAME + "&password=" + PASSWORD);
}
}
string responseData = string.Empty;
using (System.Net.WebResponse response = request.GetResponse()) {
using (Stream responseStream = response.GetResponseStream()) {
using (StreamReader reader = new StreamReader(responseStream, System.Text.Encoding.UTF8)) {
responseData = reader.ReadToEnd();
}
}
}
return responseData;
}
}
在所有情况下都会返回一个 JSON 对象,其中 JSON 对象有一个名为 "loginStatus" 的字段。当它工作时,"loginStatus"="SUCCESS",但当它失败时"loginStatus"="CERT_AUTH_REQUIRED"。
我尝试查看 System.Net.ServicePointManager 中的所有设置,但在所有情况下设置都是相同的:
- 重用端口:错误
- ServerCertificateValidationCallback:
- DnsRefreshTimeout: 120000
- EnableDnsRoundRobin: 假
- Expect100Continue: True
- 使用 Nagle 算法:正确
- MaxServicePointIdleTime: 100000
- 默认连接限制:2
- 最大服务点:0
- 安全协议:Tls、Tls11、Tls12
- CheckCertificateRevocationList:错误
- 加密策略:需要加密
除此之外,我不知道还要检查什么。从.Net 4.6.2升级到4.7.1没有效果,结果一样。
我想知道这是否是 Windows 1809 中的错误,但由于在 .Net 控制台应用程序中直接调用它时它可以工作,我认为这是一些微妙的配置问题。任何人都可以帮助我从 Excel 2010 年开始在计算机 B 上运行吗?
2019 年 2 月 8 日更新
正如评论中所建议的那样,我使用 Fiddler 检查了对网站进行的 https 调用的结构。成功的两个看起来一模一样,失败的看起来略有不同:
通话正常
- TLS 扩展 ec_point_formats = 未压缩 [0x0]
- 未指定 TLS 扩展 encrypt_then_mac (RFC7366)
- TLS 扩展 renegotiation_info = 0
- 密码TLS_EMPTY_RENEGOTIATION_INFO_SCSV未指定
调用失败
- TLS 扩展 ec_point_formats = 未压缩 [0x0]、ansiX962_compressed_prime [0x1]、ansiX962_compressed_char2 [0x2]
- TLS 扩展 encrypt_then_mac (RFC7366) = 空
- 未指定 TLS 扩展 renegotiation_info
- 密码TLS_EMPTY_RENEGOTIATION_INFO_SCSV指定
但是现在我有了这些信息,我不确定它是否有帮助。也许有效的调用都是由相同的低级代码生成的(尽管它们在 Windows 10 的不同版本上),而失败的调用是由不同的低级代码生成的。
2019 年 2 月 10 日更新
当通过 com-interop 从 Excel 调用时,我让代码在新的 AppDomain 中执行 EXE,而不是直接调用登录代码。当我这样做时,EXE 无法工作并产生与我直接调用登录代码相同的输出。
下面是一些 Visual Studio 输出 window,它显示了当 EXE 文件 运行 时 DLL 的加载顺序,就在登录代码执行之前。成功的场景和失败的场景之间最大的区别是失败的场景从不加载 C:\Windows\System32\ncryptprov.dll。有谁知道是什么导致加载该 DLL?
…
(Win32):已加载 'C:\Windows\System32\msisip.dll'
(Win32):已加载 'C:\Windows\System32\coml2.dll' --- 从 EXCEL
之前加载(Win32):已加载 'C:\Windows\System32\wshext.dll'
(Win32):已加载 'C:\Windows\System32\AppxSip.dll'
(Win32):已加载 'C:\Windows\System32\tdh.dll'
(Win32):已加载 'C:\Windows\System32\xmllite.dll'
(Win32):已加载 'C:\Windows\System32\OpcServices.dll'
(Win32):已加载 'C:\Windows\System32\mintdh.dll'
(Win32):已加载 'C:\Windows\System32\urlmon.dll' --- 从 EXCEL
之前加载(Win32):已加载 'C:\Windows\System32\mintdh.dll'
(Win32):已卸载 'C:\Windows\System32\mintdh.dll'
(Win32):已加载 'C:\Windows\System32\iertutil.dll' --- 从 EXCEL
之前加载(Win32):已加载 'C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll'
(Win32):已加载 'C:\Windows\System32\EsdSip.dll'
(Win32):已加载 'C:\Windows\System32\userenv.dll' --- 从 EXCEL
之前加载(Win32):已加载 'C:\Windows\System32\dpapi.dll'
(Win32):已加载 'C:\Windows\System32\dnsapi.dll'
(Win32):已加载 'C:\Windows\System32\rasadhlp.dll'
(Win32):已加载 'C:\Windows\System32\FWPUCLNT.DLL'
(Win32):已加载 'C:\Windows\System32\secur32.dll'
(Win32):已加载 'C:\Windows\System32\sspicli.dll' --- 从 EXCEL
开始加载(Win32):已加载 'C:\Windows\System32\schannel.dll'
(Win32):已加载 'C:\Windows\System32\mskeyprotect.dll'
(Win32):已加载 'C:\Windows\System32\ncrypt.dll'
(Win32):已加载 'C:\Windows\System32\ntasn1.dll'
(Win32):已加载 'C:\Windows\System32\ncryptprov.dll' --- 从未从 EXCEL
加载(Win32):已加载 'C:\Windows\System32\ncryptsslp.dll'
此时C#代码执行
2019 年 2 月 12 日更新
非常感谢 Simon Mourier 告诉我如何设置 System.Net 诊断。 运行 计算机 B 上的诊断,为这两种情况获得输出的 "System.Net information" 行开始时相同,但最终会有所不同。这是计算机 B 上控制台 EXE 文件的输出(即有效的情况):
System.Net Information: 0 : [35268] Current OS installation type is 'Client'.
System.Net Information: 0 : [35268] RAS supported: True
System.Net Information: 0 : [35268] Associating HttpWebRequest#21454193 with ServicePoint#34640832
System.Net Information: 0 : [35268] Associating Connection#43332040 with HttpWebRequest#21454193
System.Net Information: 0 : [35268] Connection#43332040 - Created connection from XXX.XXX.XXX.XXX:53002 to YYY.YYY.YYY.YYY:443.
System.Net Information: 0 : [35268] TlsStream#54444047::.ctor(host=<TargetWebSite>, #certs=1, checkCertificateRevocationList=False, sslProtocols=Tls12)
System.Net Information: 0 : [35268] Associating HttpWebRequest#21454193 with ConnectStream#20234383
System.Net Information: 0 : [35268] HttpWebRequest#21454193 - Request: POST /api/certlogin HTTP/1.1
System.Net Information: 0 : [35268] ConnectStream#20234383 - Sending headers
System.Net Information: 0 : [35268] SecureChannel#47891719::.ctor(hostname=<TargetWebSite>, #clientCertificates=1, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [35268] Enumerating security packages:
System.Net Information: 0 : [35268] Negotiate
System.Net Information: 0 : [35268] NegoExtender
System.Net Information: 0 : [35268] Kerberos
System.Net Information: 0 : [35268] NTLM
System.Net Information: 0 : [35268] TSSSP
System.Net Information: 0 : [35268] pku2u
System.Net Information: 0 : [35268] CloudAP
System.Net Information: 0 : [35268] WDigest
System.Net Information: 0 : [35268] Schannel
System.Net Information: 0 : [35268] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [35268] Default TLS SSP
System.Net Information: 0 : [35268] CREDSSP
System.Net Information: 0 : [35268] SecureChannel#47891719 - Attempting to restart the session using the user-provided certificate: [Version]
System.Net Information: 0 : [35268] SecureChannel#47891719 - Left with 1 client certificates to choose from.
System.Net Information: 0 : [35268] SecureChannel#47891719 - Trying to find a matching certificate in the certificate store.
System.Net Information: 0 : [35268] SecureChannel#47891719 - Locating the private key for the certificate: [Version]
System.Net Information: 0 : [35268] SecureChannel#47891719 - Certificate is of type X509Certificate2 and contains the private key.
System.Net Information: 0 : [35268] SecureChannel#47891719::.AcquireClientCredentials, new SecureCredential() (flags=(ValidateManual, NoDefaultCred, SendAuxRecord, UseStrongCrypto), m_ProtocolFlags=(Tls12Client), m_EncryptionPolicy=RequireEncryption)
System.Net Information: 0 : [35268] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [35268] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [35268] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=184, returned code=ContinueNeeded).
System.Net Information: 0 : [35268] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 227c85a89b0:2449d0deff0, targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [35268] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=CredentialsNeeded).
但是,当 运行从 Excel 2010 年通过 com-interop 时,不是最后 4 行 InitializeSecurityContext 行,而是 6 行 InitializeSecurityContext 行,如下所示:
System.Net Information: 0 : [39988] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [39988] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=184, returned code=ContinueNeeded).
System.Net Information: 0 : [39988] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 8a8e2f0:2449d0def90, targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [39988] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
System.Net Information: 0 : [39988] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 8a8e2f0:2449d0def90, targetName = <TargetWebSite>, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [39988] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
前两个 InitializeSecurityContext 行是相同的,因此大概关键的区别在于第三个 InitializeSecurityContext 行,其中控制台 EXE
上下文 = 227c85a89b0:2449d0deff0
但是失败的 运行 通过 com-interop executino
上下文 = 8a8e2f0:2449d0def90
在那之后,事情看起来并不像人们预期的那样。有谁知道这种差异意味着什么,以及如何消除这种差异,以便 com-interop 执行的行为方式与 com-interop 执行相同?
2019 年 2 月 13 日更新
我在 an MSDN forum 上发布了更多诊断输出。
关注 C# 控制台与 Excel 2010 年问题(同一台机器,运行 作为 64 位进程),已添加跟踪,如下所述:
Excel 和控制台的初始跟踪完全相同(有关详细信息,请参阅问题)。但最后的痕迹(发布到 MSDN)展示了这一点:
控制台:
System.Net Information: 0 : [35268] Remote certificate: [Version] V3
[ Lots of lines describing a certificate with [Subject]=<TargetWebSite>, [Issuer]=HydrantID SSL ICA G2, etc]
System.Net Information: 0 : [35268] SecureChannel#47891719 - Remote certificate was verified as valid by the user.
Excel:
System.Net Information: 0 : [39988] Remote certificate: [Version] V3
[ Lots of lines describing a certificate with [Subject]=<TargetWebSite>, [Issuer]=Kaspersky, etc]
System.Net Information: 0 : [39988] SecureChannel#2383799 - Remote certificate was verified as valid by the user.
显示Excel中使用的证书现在是卡巴斯基颁发的,原来是PC端的杀毒产品运行。事实上,它是卡巴斯基产品的安全功能,例如 intercept communications, and this causes numerous issues, like KIS Interfering with Git。
删除此防病毒软件后,一切正常。