问题
I have got wierd problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root certificates and Local Personal Certificates folder.
Now I have a class library that deals with that connection, when i call this class library from a console application running from the server it works absolutely fine, but when i call that class library from an asp.net page or asmx web service I get the following exception.
A call to SSPI failed, see inner exception. The message received was unexpected or badly formatted.
This is my code:
X509Certificate cert = new X509Certificate(certificateLocation, certificatePassword);
X509CertificateCollection certCollection = new X509CertificateCollection(new X509Certificate[1] { cert });
// OPEN the new SSL Stream
SslStream ssl = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
ssl.AuthenticateAsClient(ipAddress, certCollection, SslProtocols.Default, false);
ssl.AuthenticateAsClient is where the error gets thrown.
This is driving me nuts. If the console application can connect fine, there must be some problem with asp.net network layer security that is failing the authentication... not sure, perhaps need to add something or some sort of security policy in the web.config. Also just to point out that i can connect fine on my local development machine both with console and website.
Anyone has got any ideas?
回答1:
Have you installed the certificate on your system? If you are running windows it should be in Local Computer/Personal or Trusted Folders under Management Console (Run -> mmc).
回答2:
The ASP.NET runs under a different account so you have to use WinHttpCertCfg.exe tool to allow the following account to access the certificate which you should install in Local Computer Personal/Trusted folders.
- ASPNET
- Network Service
- Authenticated Users
e.g.
winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "CertificateName" -a "ASPNET"
where certificate name is the friendly name of your certificate. You can get the tool and information from here.
回答3:
I had this same problem - adding the ASP.NET DefaultAppPool/Network Service user didn't help me though.
I finally figured out that the ASP.NET webservice couldn't access the certificate when it was in the Trusted Root Certificates folder (even though the console app can). I dragged it back to the Personal Certificates folder and can now call the method from both console and web apps.
回答4:
change X509Certificate to X509Certificate2 and also X509CertificateCollection to X509Certificate2Collection
来源:https://stackoverflow.com/questions/1884959/exception-on-sslstream-authenticateasclient-the-message-was-badly-formatted