AuthenticationException:使用安全 Web 套接字调用 SSPI 失败
AuthenticationException: A call to SSPI failed with Secured Web Sockets
我有一个相当复杂的实时 Web 应用程序,它以 C# 服务器作为后端,还运行 Websocket 服务器。
我目前正在升级它以支持 HTTPS,
已经这样做了(使用 OWIN 自托管,.NET Framework 4.6.1)
我还需要为 Websockets 这样做(用于根据服务器的变化更新客户端)
Websocket 服务器是使用精彩的 websocket-sharp 库实现的
我面临的问题是:
无论我做什么,在调用 SslStream.AuthenticateAsServer 之后,我的服务器端似乎总是遇到这个令人沮丧的异常。
现在,我也尝试使用不同的 Websocket 服务器 (Fleck),但问题仍然存在,所以我很确定它与我的证书有关。
我使用的是自签名证书,我尝试以多种方式创建此证书,包括内置 windows 证书注册、PowerShell 'New-SelfSignedCertificate' 并且无论我使用什么证书,我总能得到这个例外:
AuthenticationException
HResult=0x80131501
Message=A call to SSPI failed, see inner exception.
Source=System
StackTrace:
at
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken
message, AsyncProtocolRequest asyncRequest, Exception exception)
at
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming,
Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer,
Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming,
Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer,
Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean
receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult
lazyResult)
at
System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate
serverCertificate, Boolean clientCertificateRequired, SslProtocols
enabledSslProtocols, Boolean checkCertificateRevocation)
at
WebSocketSharp.Net.WebSockets.TcpListenerWebSocketContext..ctor(TcpClient
tcpClient, String protocol, Boolean secure, ServerSslConfiguration
sslConfig, Logger log) in
J:\Common\OpenSource\websocket-sharp\websocket-sharp\Net\WebSockets\TcpListenerWebSocketContext.cs:line
91
Inner Exception 1:
Win32Exception: An unknown error occurred while processing the
certificate
P.S 我发现有几个地方告诉我要将 EnabledSslProtocols 设置为 SslProtocols.Tls12,我这样做了,但没有用。
好的,所以我能够弄明白。
在这里发布答案以防其他人遇到此问题。
我需要将证书中的公用名设置为某个名称,然后将该名称添加到主机文件并在寻址服务器时使用该名称(在我使用我的计算机名称之前)
所以假设我用
创建证书
CN=webserver
然后在主机文件中添加
127.0.0.1 webserver
它奏效了。
我只是不明白为什么证书在服务器中被拒绝,而不是在客户端中。
我有一个相当复杂的实时 Web 应用程序,它以 C# 服务器作为后端,还运行 Websocket 服务器。
我目前正在升级它以支持 HTTPS, 已经这样做了(使用 OWIN 自托管,.NET Framework 4.6.1) 我还需要为 Websockets 这样做(用于根据服务器的变化更新客户端)
Websocket 服务器是使用精彩的 websocket-sharp 库实现的
我面临的问题是:
无论我做什么,在调用 SslStream.AuthenticateAsServer 之后,我的服务器端似乎总是遇到这个令人沮丧的异常。
现在,我也尝试使用不同的 Websocket 服务器 (Fleck),但问题仍然存在,所以我很确定它与我的证书有关。
我使用的是自签名证书,我尝试以多种方式创建此证书,包括内置 windows 证书注册、PowerShell 'New-SelfSignedCertificate' 并且无论我使用什么证书,我总能得到这个例外:
AuthenticationException
HResult=0x80131501
Message=A call to SSPI failed, see inner exception.
Source=System
StackTrace:
at
System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken
message, AsyncProtocolRequest asyncRequest, Exception exception)
at
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming,
Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer,
Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken
message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming,
Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer,
Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32
readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer,
AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean
receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at
System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult
lazyResult)
at
System.Net.Security.SslStream.AuthenticateAsServer(X509Certificate
serverCertificate, Boolean clientCertificateRequired, SslProtocols
enabledSslProtocols, Boolean checkCertificateRevocation)
at
WebSocketSharp.Net.WebSockets.TcpListenerWebSocketContext..ctor(TcpClient
tcpClient, String protocol, Boolean secure, ServerSslConfiguration
sslConfig, Logger log) in
J:\Common\OpenSource\websocket-sharp\websocket-sharp\Net\WebSockets\TcpListenerWebSocketContext.cs:line
91
Inner Exception 1:
Win32Exception: An unknown error occurred while processing the
certificate
P.S 我发现有几个地方告诉我要将 EnabledSslProtocols 设置为 SslProtocols.Tls12,我这样做了,但没有用。
好的,所以我能够弄明白。 在这里发布答案以防其他人遇到此问题。
我需要将证书中的公用名设置为某个名称,然后将该名称添加到主机文件并在寻址服务器时使用该名称(在我使用我的计算机名称之前) 所以假设我用
创建证书CN=webserver
然后在主机文件中添加
127.0.0.1 webserver
它奏效了。
我只是不明白为什么证书在服务器中被拒绝,而不是在客户端中。