c# - 使用 LXD REST API,ClientWebSocket 在 .Net Core 上抛出“AuthenticationException”,但在 .Net Framework 上,它运行良好
问题描述
我正在将LXD.NET移植到 .Net Standard 2.0。通过 HTTPS 的 REST API 与 .Net Core 和 .Net Framework 配合得很好。
但是使用 WebSocket API(例如1.0/containers/<name>/exec),ClientWebSocket仅在 .Net Core 上引发 Authentication Exception。(在 .Net Framework 上,它不会抛出并且运行良好。)
LXD 在 Ubuntu 18.04 上运行。我在两个客户端上进行了测试,一个在 Windows 10 上运行,另一个在 Linux 上运行(运行 LXD 的同一台 linux 计算机)。
所有源代码都在这里(https://github.com/GnicoJP/lxd-dotnet-websocket-test)。
重现步骤(服务器端)
LXD 设置
$ sudo apt install lxc lxd
$ sudo lxd init
我将 LXD 配置为在网络上可用。
$ sudo lxc launch images:alpine/3.8 <container_name>
我启动了一个图像。
SSL 密钥/证书生成
$ openssl genrsa 2048 > client.key
$ openssl req -new -key client.key > client.csr
$ openssl x509 -days 3650 -req -signkey client.key < client.csr > client.crt
$ openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
将 client.p12 带到客户端 PC。
我注册了 SSL 证书
$ sudo lxc config trust add client.key
源代码
入口点在这里。我正在调用 exec API。(wait-for-websocket 为真)
解析 Exec API 的结果是Here。我认为 WebSocket 的 URI 没有错。
打开 ClientWebSocket 就在这里。在 .Net Framework 上,WebSocket 在有/没有证书的情况下都能很好地工作。
抛出的异常
System.AggregateException
HResult=0x80131500
Message=One or more errors occurred. (Unable to connect to the remote server)
Source=System.Private.CoreLib
Stack Trace:
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) in Task.cs:line 2840
at System.Threading.Tasks.Task.Wait() in Task.cs:line 2706
at lxd_dotnet_websocket_test.Program.Main(String[] args) in lxd-dotnet-websocket-test\Program.cs:line 20
Inner Exception 1:
System.Net.WebSockets.WebSocketException: Unable to connect to the remote server
HResult=-2147467259
Stack Trace:
at System.Net.WebSockets.WebSocketHandle.ConnectAsyncCore(Uri uri, CancellationToken cancellationToken, ClientWebSocketOptions options)
at System.Net.WebSockets.ClientWebSocket.ConnectAsyncCore(Uri uri, CancellationToken cancellationToken)
at LXD.ClientWebSocketExtensions.CreateAndConnectAsync(String url, API API) in .\libs\LXD\Util\ClientWebSocketExtensions.cs:line 19
at LXD.Domain.Container.ContainerExecResult.ContainerExecResultWithWebSockets.TestCreate(API API, ContainerExec exec, JToken response, String operationUrl) in .\libs\LXD\Domain\Container.cs:line 228
Inner Exception 2:
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
HResult=-2146233087
Stack Trace:
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.WebSockets.WebSocketHandle.ConnectAsyncCore(Uri uri, CancellationToken cancellationToken, ClientWebSocketOptions options)
Inner Exception 3:
AuthenticationException: The remote certificate is invalid according to the validation procedure.
HResult=-2146233087
Stack Trace:
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
我是 StackOverflow 的初学者。如果我的问题或我的英语不好,请告诉我。
解决方案
.Net Framework 不会检查 WebSocket 中使用的证书是否可信,但 .Net Core 会。我无法从 Exception 中获得解决方法,因此我使用 PerfView进行了调查。
怎么解决
我安装了 LXD 的服务器证书。将 server.crt 文件 (/var/lxd/server.crt) 带到客户端 PC,然后作为受信任的根证书安装。
请阅读如何安装:Windows、Linux
推荐阅读
- c - 为什么输出显示 3 1 3 任何人都可以在 C 中帮助我
- python-3.x - 初始响应不包含 CustomField Django 的值
- git - 尝试提交文件时如何提供某个 git commit Id?
- c# - Http隧道不适用于某些网站
- flutter - 如何解决flutter中的api响应数据类型aiisgning问题?
- angular - Angular上的Keycloak - 加载时没有得到正确的状态
- ruby-on-rails - 使用旧数据库连接信息的 Rails 登台服务器
- mysql - 如何编写 where 子句以动态获取上个月某个日期和当前月份某个日期之间的日期?
- etl - 根据 pentaho 中的日期插入新记录
- javascript - (Vuejs)添加喜欢和删除喜欢不起作用