C# - Could not establish secure channel for SSL/TLS


I have a WCF service that is set up to use a server and a client certificate:

    ServiceHostFactory.CreateService<MyAppClientService>($"https://localhost:{ServerSettings.SmartcardSslPort}/myapp5service/sll")
        .UseProtobuf()
        .AddServiceBehavior(new CustomServiceBehavior_ClientService())
        .AddAuthorizationPolicy(new CustomAuthorizationPolicy_ClientService())
        .UseSecureConnection(EnvironmentSettings.SecureConnection)
        .UseThrottling()
        .Start(EndpointService.CreateNetHttpsBinding(true));
    await ServiceHandler.RegisterClientServiceToConsul(MyAppServices.ClientServer_Smartcard, ServerSettings.SmartcardSslPort);

    public ServiceHostBuilder<T> UseSecureConnection(SecureConnectionSettings settings)
    {
        if (settings != null && settings.Enabled)
        {
            Console.WriteLine("setting certificates");

            // Check that the configured server certificate exists (valid certificates only).
            X509Store store = new X509Store(settings.CertificateStore, settings.CertificateLocation);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindByThumbprint, settings.Thumbprint, true);
            store.Close();

            if (certs.Count > 0)
            {
                _serviceHost.Credentials.ServiceCertificate.SetCertificate(settings.CertificateLocation,
                    settings.CertificateStore, X509FindType.FindByThumbprint, settings.Thumbprint);
            }
            else
                throw new Exception("could not find certificate thumbprint " + settings.Thumbprint);
        }
        return this;
    }

    public static NetHttpsBinding CreateNetHttpsBinding(bool requiredClientCertificate = false)
    {
        var binding = new NetHttpsBinding();
        SetBindingSettings(binding);
        binding.Security = new BasicHttpsSecurity();
        binding.Security.Mode = BasicHttpsSecurityMode.Transport;
        binding.Security.Transport = new HttpTransportSecurity();

        // Require a client certificate at the transport (TLS) level when requested.
        if (requiredClientCertificate)
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        else
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        return binding;
    }

The client creates a channel like this:

    private async Task<ChannelFactory<T>> CreateChannelFactory(LoginTypeBase loginType, OrbitToken token)
    {
        var service = await _consulService.GetServiceBlocking(loginType.OrbitServicesToUse, forceRefresh: true, token: new CancellationTokenSource(TimeSpan.FromSeconds(30)).Token);

        if (service == null)
            throw new OrbitServiceCommunicationException();

        var cert = loginType.ClientCertificate;
        var uri = loginType.GetOrbitClientServiceUrl(service.Address, service.Port);

        var header = AddressHeader.CreateAddressHeader(nameof(OrbitToken), nameof(OrbitToken), token);
        var endpointAddress = new EndpointAddress(uri, header);

        ServiceEndpoint serviceEndpoint = null;
        if (loginType.LoginType == LoginType.Smartcard || loginType.LoginType == LoginType.UsernamePasswordSll)
        {
            // HTTPS endpoint; only the smartcard login presents a client certificate.
            var binding = new NetHttpsBinding("nethttpsbinding");
            binding.Security.Mode = BasicHttpsSecurityMode.Transport;
            if (loginType.LoginType == LoginType.Smartcard)
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
            else
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }
        else
        {
            var binding = new NetHttpBinding("nethttpbinding");
            serviceEndpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(T)), binding, endpointAddress);
        }

        serviceEndpoint.EndpointBehaviors.Add(new ProtoEndpointBehavior());
        serviceEndpoint.EndpointBehaviors.Add(new CustomMessageInspectorBehavior());

        var v = new ChannelFactory<T>(serviceEndpoint);
        if (loginType.LoginType == LoginType.Smartcard)
        {
            v.Credentials.ClientCertificate.Certificate = cert;
            //v.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
        }
        return v;
    }

When a smartcard is inserted into the reader, a third-party program copies the certificates from the card into the local store.

My application catches this change and uses one of these certificates as the client certificate.

The above code works fine the first time. When the client makes the first call to the service, the third-party program asks the user for the PIN, and if it is valid the communication continues.

The problem is that if I remove the smartcard and put it back in, I get the SSL/TLS error when the next call to the service is made. At this point I have not created a new channel; I use the same channel as before I removed the card.

Is there something going on here in .NET, or is it the third-party software that blocks me? Maybe I have to create a new channel after the certificate has been removed and put in again?

This is an example of the exception:

    System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority '139.107.245.141:44310'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
       at system.net.httpwebrequest.endgetresponse(iasyncresult asyncresult)
       at system.servicemodel.channels.httpchannelfactory`1.httprequestchannel.httpchannelasyncrequest.completegetresponse(iasyncresult result)
       --- end of inner exception stack trace ---
       at myapp.client.main.classes.controllers.errorhandler.unwrapagentexception(exception exception) in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\classes\controllers\errorhandler.cs:line 35
       at myapp.client.main.servicemanagement.serviceagents.akutlistanagent.getakutlistan(list`1 orgenhetlist, list`1 tooltipkeys, list`1 useritems) in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\classes\service management\service agents\akutlistanagent.cs:line 88
       at myapp.client.main.gui.akutlista.ucakutlista.buildgrid() in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\akutlista\ucakutlista.cs:line 550
       at myapp.client.main.gui.akutlista.ucakutlista.setarbetsstalle(list`1 orgenhetlist) in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\akutlista\ucakutlista.cs:line 1742
       at myapp.client.main.gui.akutlista.ucakutlista.orgenhetlist_editvaluechanged(object sender, eventargs e) in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\akutlista\ucakutlista.cs:line 1828
       at system.eventhandler.invoke(object sender, eventargs e)
       at devexpress.xtraeditors.repository.repositoryitem.raiseeditvaluechangedcore(eventargs e)
       at devexpress.xtraeditors.repository.repositoryitem.raiseeditvaluechanged(eventargs e)
       at devexpress.xtraeditors.baseedit.raiseeditvaluechanged()
       at devexpress.xtraeditors.baseedit.oneditvaluechanged()
       at devexpress.xtraeditors.textedit.oneditvaluechanged()
       at devexpress.xtraeditors.baseedit.oneditvaluechanging(changingeventargs e)
       at devexpress.xtraeditors.textedit.oneditvaluechanging(changingeventargs e)
       at devexpress.xtraeditors.baseedit.set_editvalue(object value)
       at myapp.client.main.gui.akutlista.ucakutlista.setactiveorganisationenhet(list`1 organisationsenhetlist, list`1 prioriteringsgrupplist) in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\akutlista\ucakutlista.cs:line 1731
       at myapp.client.main.gui.akutlista.ucakutlista.loadcontrol() in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\akutlista\ucakutlista.cs:line 395
       at myapp.client.main.gui.planering.ucoversiktstabcontrol.loadpage() in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\planering\ucoversiktstabcontrol.cs:line 703
       at myapp.client.main.gui.planering.ucoversiktstabcontrol..ctor() in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\planering\ucoversiktstabcontrol.cs:line 68
       at myapp.client.main.gui.planering.frmplaneringsoversikt.initializecomponent() in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\planering\frmplaneringsoversikt.designer.cs:line 180
       at myapp.client.main.gui.planering.frmplaneringsoversikt..ctor() in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\planering\frmplaneringsoversikt.cs:line 147
       at myapp.client.main.gui.planering.frmplaneringsoversikt.openform() in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\planering\frmplaneringsoversikt.cs:line 112
       at myapp.client.main.gui.frmmainmyapp.openplaningoverview() in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\frmmainmyapp.cs:line 2265
       at myapp.client.main.gui.frmmainmyapp.navbaritemplanering_linkclicked(object sender, navbarlinkeventargs e) in c:\myapp\produkter\myapp utveckling\solution\myapp.client.main\gui\frmmainmyapp.cs:line 619
       at devexpress.xtranavbar.navbaritem.raiselinkevent(object linkevent, navbaritemlink link)
       at devexpress.xtranavbar.navbaritem.raiselinkclicked(navbaritemlink link)
       at devexpress.xtranavbar.navbaritem.raiselinkclickedcore(navbaritemlink link)
       at devexpress.xtranavbar.navbarcontrol.raiselinkclicked(navbaritemlink link)
       at devexpress.xtranavbar.viewinfo.navbarviewinfo.dolinkclick(navbarhitinfo hitinfo)
       at devexpress.xtranavbar.viewinfo.navbarviewinfo.doclick(navbarhitinfo hitinfo)
       at devexpress.xtranavbar.viewinfo.navigationpaneviewinfo.doclick(navbarhitinfo hitinfo)
       at devexpress.xtranavbar.viewinfo.navbarviewinfo.onmouseup(mouseeventargs e)
       at devexpress.xtranavbar.navbarcontrol.onmouseup(mouseeventargs ev)
       at system.windows.forms.control.wmmouseup(message& m, mousebuttons button, int32 clicks)
       at system.windows.forms.control.wndproc(message& m)
       at devexpress.xtranavbar.navbarcontrol.wndproc(message& m)
       at system.windows.forms.control.controlnativewindow.onmessage(message& m)
       at system.windows.forms.control.controlnativewindow.wndproc(message& m)
       at system.windows.forms.nativewindow.callback(intptr hwnd, int32 msg, intptr wparam, intptr lparam)

Edit: I have had tips that MS WinINet might be the problem. To overcome this, do I need to restart the application, or is there a way to reset MS WinINet?

Have you checked the firewall settings? If not, it's worth checking that the right port is being opened for communications.
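The question asks whether a new channel has to be created after the card is removed and reinserted. The following is an added example, not code from the post, of a client-side wrapper that tests that idea: on a failed TLS negotiation it discards the cached `ChannelFactory<T>`, re-reads the certificate by thumbprint from the CurrentUser/My store, and retries once. `SmartcardChannelSource` and its `build` delegate are hypothetical names; whether a fresh factory alone is enough depends on the smartcard middleware.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical helper, not from the post. Not thread-safe: one caller at a time.
public sealed class SmartcardChannelSource<T> : IDisposable where T : class
{
    private readonly string _thumbprint;
    private readonly Func<X509Certificate2, ChannelFactory<T>> _build; // assumed to wrap CreateChannelFactory
    private ChannelFactory<T> _factory;
    public SmartcardChannelSource(string thumbprint, Func<X509Certificate2, ChannelFactory<T>> build)
    { _thumbprint = thumbprint; _build = build; }
    // Re-read the certificate so the object refers to the card that is inserted now.
    private X509Certificate2 LoadCurrentCertificate()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, _thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException("Client certificate not available: " + _thumbprint);
            return found[0];
        }
        finally { store.Close(); }
    }
    public TResult Call<TResult>(Func<T, TResult> operation)
    {
        for (var attempt = 1; ; attempt++)
        {
            if (_factory == null) _factory = _build(LoadCurrentCertificate());
            T channel = _factory.CreateChannel();
            try
            {
                var result = operation(channel);
                ((ICommunicationObject)channel).Close();
                return result;
            }
            catch (Exception ex)
            {
                ((ICommunicationObject)channel).Abort(); // never reuse a failed channel
                if (!(ex is SecurityNegotiationException) || attempt > 1) throw;
                Reset(); // handshake failed once: drop the factory and its cached certificate
            }
        }
    }
    public void Reset() { if (_factory != null) _factory.Abort(); _factory = null; }
    public void Dispose() { Reset(); }
}
```

Calling `Reset()` from the handler that already detects card removal avoids the failed first attempt; if the retry still fails with a freshly loaded certificate, the factory is not what is holding the stale state.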

