i made console application project host web service programmatically, when try create client proxy web service , call method on it, following error:
an error occurred while making http request https://localhost:8000/fileretrievalpoc. due fact server certificate not configured http.sys in https case. caused mismatch of security binding between client , server.
its inner exception:
the underlying connection closed: unexpected error occurred on send.
its inner exception:
unable read data transport connection: existing connection forcibly closed remote host.
its inner exception:
an existing connection forcibly closed remote host
program.cs:
class program { static void main(string[] args) { var address = "https://localhost:8000/fileretrievalpoc"; console.writeline("starting service @ {0}...", address); fileretrievalservice.start(address, storelocation.localmachine, storename.my, "localhost"); console.writeline("service started."); console.writeline("press enter create new proxy client , call method."); console.writeline("press escape end application."); while (true) { var key = console.readkey(); if (key.key == consolekey.enter) { var proxy = fileretrievalservice.connect(address, "localhost", "exampleusername", "examplepassword", storelocation.localmachine, storename.my, "localhost"); proxy.get(@"c:\users\user\desktop\document.txt"); ((iclientchannel)proxy).close(); } else if (key.key == consolekey.escape) break; } fileretrievalservice.stop(); } } ifileretrieval.cs:
[servicecontract] public interface ifileretrieval { [operationcontract] string get(string path); [operationcontract] void set(string path, string contents); } fileretrievalservice.cs:
class fileretrievalservice : ifileretrieval { private static basichttpsbinding _binding = new basichttpsbinding() { name = "fileretrievalpoc", hostnamecomparisonmode = hostnamecomparisonmode.exact, security = new basichttpssecurity() { message = new basichttpmessagesecurity() { algorithmsuite = securityalgorithmsuite.basic256sha256rsa15, clientcredentialtype = basichttpmessagecredentialtype.username }, mode = basichttpssecuritymode.transportwithmessagecredential, transport = new httptransportsecurity() { clientcredentialtype = httpclientcredentialtype.windows } }, sendtimeout = timespan.fromminutes(1), closetimeout = timespan.fromminutes(1), opentimeout = timespan.fromminutes(1), receivetimeout = timespan.fromminutes(1) }; private static channelfactory<ifileretrieval> _channelfactory; private static servicehost _host; public static void start(string address, storelocation location, storename name, string subject) { _host = new servicehost(typeof(fileretrievalservice)); _host.credentials.servicecertificate.setcertificate(location, name, x509findtype.findbysubjectname, subject); _host.addserviceendpoint(typeof(ifileretrieval), _binding, address); _host.open(); } public static void stop() { if (_host != null) _host.close(); if (_channelfactory != null) _channelfactory.close(); } public static ifileretrieval connect(string address, string domain, string username, string password, storelocation location, storename name, string subject) { if (_channelfactory == null) _channelfactory = new channelfactory<ifileretrieval>(_binding, address); _channelfactory.credentials.clientcertificate.setcertificate(location, name, x509findtype.findbysubjectname, subject); _channelfactory.credentials.username.username = username; _channelfactory.credentials.username.password = password; _channelfactory.credentials.windows.clientcredential = new networkcredential(username, password, domain); return _channelfactory.createchannel(); } public string get(string path) { throw new notimplementedexception(); } public void set(string path, string contents) { throw new notimplementedexception(); } } its done programmatically, , i've looked on stack overflow couldn't find reason why happening. know problem is? source code, can add new console application , run try out on local machine , see happen yourself. ssl certificate? if so, how can more verbosity error reason here? not helpful exception.
edit: think may have missed step here, such using netsh bind certificate machine's port.
my issue i did not use netsh bind certificate machine's port. open administrative command prompt , call:
netsh http add sslcert ipport=0.0.0.0:8000 appid=<a randomly generated guid application> certhash=<your localhost certificate's thumbprint default store, under local machine -> personal, can mmc certificates snap-in> the next step make sure under trusted people on client side. @ least, me case since using self-signed certificate generated testing purposes localhost. example, if certificate comodo or verisign or other ca, certificate may not need @ since root ca trusted, usually, default in windows, since root ca public certificate these shipped out of box inside of trusted root certification authorities section of certificates mmc snap-in.
then, need do, make sure machine credentials correct. using windows authentication tries assert credentials valid (these specified in code on call connect method).
as older, find tend answer own questions more , more often...
edit: need use trusted people store of this. if want this, use storename.trustedpeople in code above , in netsh command, specify certstorename=trustedpeople, otherwise defaults my, personal store in certificates mmc snap-in.
also, delete ssl certificate has been bound, use netsh http delete sslcert ipport=0.0.0.0:8000
also, code doesn't need client certificate set in order function, can removed connect method. needs more tightening if of plan use in production.
Comments
Post a Comment