I have a WCF service application that is supposed to connect to another server X to retrieve data. When server X is configured with one-way SSL, the WCF service application is able to connect to it without problem. But when server X is configured with two-way SSL, the WCF service application will have problem connecting to it.
The WCF service application uses a self-signed certificate. This certificate was exported without private key into a .cer file, and imported into server X's trust store. The same exported certificate was used in the WCF service application's codes:
string URL = "https://11.205.112.49:5311/Ping";
HttpWebRequest Request = (HttpWebRequest)WebRequest.Create(URL);
X509Certificate2 Certificate = new X509Certificate2("F:\\cert.cer");
Request.ClientCertificates.Add(Certificate);
Request.Method = "GET";
HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();
The last line of the codes above will throw WebException with the following message:
The request was aborted: Could not create SSL/TLS secure channel.
The above error does not provide much details.
Help is appreciate.
Thanks in advance.
EDIT:
This is my entire program:
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.IO;
namespace TestTwoWaySSL
{
class Program
{
static void Main(string[] args)
{
HttpWebResponse Response = null;
try
{
string URL = "https://11.205.112.49:5311/Ping";
Console.WriteLine("URL: [{0}].", URL);
HttpWebRequest Request = (HttpWebRequest)WebRequest.Create(URL);
X509Certificate2 Certificate = new X509Certificate2("F:\\cert.pfx", "password");
Request.ClientCertificates.Add(Certificate);
Request.Method = "GET";
Console.WriteLine("Sending request.");
Response = (HttpWebResponse)Request.GetResponse();
Console.WriteLine("Request sent.");
}
catch (WebException webException)
{
Console.WriteLine("Web exception occurred: [{0}].", webException.Message);
Console.WriteLine(webException.StackTrace);
Response = webException.Response as HttpWebResponse;
}
catch (Exception exception)
{
Console.WriteLine("Exception occurred: [{0}].", exception.Message);
Console.WriteLine(exception.StackTrace);
}
Console.WriteLine("Response status code: [{0}].", Response.StatusCode);
Console.WriteLine("Response \"Content-Type\" header value: [{0}].", Response.ContentType);
Console.WriteLine("Response \"Content-Length\" header value: [{0}].", Response.ContentLength);
String ResponseMessageBody = new StreamReader(Response.GetResponseStream()).ReadToEnd();
Console.WriteLine("Response message body: [{0}].", ResponseMessageBody);
}
}
}
When it reaches the line Request.GetResponse(), an AccessVioationException is thrown:
Unhandled Exception: System.AccessViolationException: Attempted to read or write
protected memory. This is often an indication that other memory is corrupt.
at System.Net.UnsafeNclNativeMethods.SafeNetHandles_SECURITY.AcquireCredentialsHandleW(String principal, String moduleName, Int32 usage, Void* logonID, SecureCredential& authData, Void* keyCallback, Void* keyArgument, SSPIHandle& handlePtr, Int64& timeStamp)
at System.Net.SafeFreeCredentials.AcquireCredentialsHandle(SecurDll dll, String package, CredentialUse intent, SecureCredential& authdata, SafeFreeCredentials& outCredential)
at System.Net.SSPISecureChannelType.AcquireCredentialsHandle(String moduleName, CredentialUse usage, SecureCredential& authdata, SafeFreeCredentials& outCredential)
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
at System.Net.HttpWebRequest.EndSubmitRequest()
at System.Net.HttpWebRequest.SetRequestSubmitDone(ConnectStream submitStream)
at System.Net.Connection.CompleteConnection(Boolean async, HttpWebRequest request)
at System.Net.Connection.CompleteStartConnection(Boolean async, HttpWebRequest httpWebRequest)
at System.Net.Connection.CompleteStartRequest(Boolean onSubmitThread, HttpWebRequest request, TriState needReConnect)
at System.Net.Connection.SubmitRequest(HttpWebRequest request, Boolean forcedsubmit)
at System.Net.ServicePoint.SubmitRequest(HttpWebRequest request, String connName)
at System.Net.HttpWebRequest.SubmitRequest(ServicePoint servicePoint)
at System.Net.HttpWebRequest.GetResponse()
at TestTwoWaySSL.Program.Main(String[] args)
The problem is that you are missing private key. You are using only the certificate.
Either use pkcs#12 when loading certificate into X509Certificate2 class
X509Certificate2 Certificate = new X509Certificate2("F:\\cert.p12", "p12 password");
or load certificate from store
X509Store store = new X509Store("MY",StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
X509Certificate2 certificate = collection.Find(...)[0];
store.Close();
Related
I am using asp.net-core-webapi and I am also using iTextSharp to create pdf in memory steam.
[Route("preview/{Id}")]
[System.Web.Http.HttpGet]
public async Task<IActionResult> PreviewSpecSheet(int Id)
{
FileStreamResult fsr;
Document document = new Document(PageSize.A4, 25, 25, 30, 30);
using (MemoryStream ms = new MemoryStream())
{
using (PdfWriter writer = PdfWriter.GetInstance(document, ms))
{
//PdfWriter writer = PdfWriter.GetInstance(document, ms);
document.Open();
//header Image
iTextSharp.text.Image headerImg = iTextSharp.text.Image.GetInstance("D:\\go2\\Pixelle\\specsheet\\pixservice\\assets\\header.jpg");
headerImg.SetAbsolutePosition(0, 750);
headerImg.ScaleAbsolute(500f, 100.00f);
document.Add(headerImg);
fsr = File(ms, "application/pdf", "test.pdf");
return fsr;
}
}
}
I am getting following error :
System.ObjectDisposedException: Cannot access a disposed object.
Object name: 'Cannot access a closed file.'.
at System.IO.FileStream.BeginRead(Byte[] array, Int32 offset, Int32 numBytes, AsyncCallback callback, Object state)
at System.IO.Stream.<>c.<BeginEndReadAsync>b__48_0(Stream stream, ReadWriteParameters args, AsyncCallback callback, Object state)
at System.Threading.Tasks.TaskFactory`1.FromAsyncTrim[TInstance,TArgs](TInstance thisRef, TArgs args, Func`5 beginMethod, Func`3 endMethod)
at System.IO.Stream.BeginEndReadAsync(Byte[] buffer, Int32 offset, Int32 count)
at System.IO.FileStream.ReadAsync(Byte[] buffer, Int32 offset, Int32 count, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Http.StreamCopyOperationInternal.CopyToAsync(Stream source, Stream destination, Nullable`1 count, Int32 bufferSize, CancellationToken cancel)
at Microsoft.AspNetCore.Mvc.Infrastructure.FileResultExecutorBase.WriteFileAsync(HttpContext context, Stream fileStream, RangeItemHeaderValue range, Int64 rangeLength)
at Microsoft.AspNetCore.Mvc.Infrastructure.FileStreamResultExecutor.ExecuteAsync(ActionContext context, FileStreamResult result)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeResultAsync>g__Logged|21_0(ResourceInvoker invoker, IActionResult result)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResultFilterAsync>g__Awaited|29_0[TFilter,TFilterAsync](ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResultExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeResultFilters()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
Edited after apply comment solution :
If I remove using its working fine but when I am using
document.Close();
writer.Close();
before fsr = File(ms, "application/pdf", "test.pdf"); its again same error and if I dont close the document and writer , downloaded pdf is in corrupt format , not able to open.
Okay, So I am able to figure this out what was the issue.
In original code issue was using block , as already mentioned in comments section.
But when I removed using still facing issue of stream closing when I close document and writer .
and the reason is The PdfWriter class may be closing your stream. Make sure to set the CloseStream property to false.
so I set writer CloseStream property to false , just after declare.
PdfWriter writer = PdfWriter.GetInstance(document, ms);
writer.CloseStream = false;
and its worked.
[Route("preview/{Id}")]
[System.Web.Http.HttpGet]
public async Task<IActionResult> PreviewSpecSheet(int Id)
{
FileStreamResult fsr;
Document document = new Document(PageSize.A4, 25, 25, 30, 30);
MemoryStream ms = new MemoryStream();
PdfWriter writer = PdfWriter.GetInstance(document, ms);
writer.CloseStream = false;
document.Open();
//header Image
iTextSharp.text.Image headerImg = iTextSharp.text.Image.GetInstance("D:\\go2\\Pixelle\\specsheet\\pixservice\\assets\\header.jpg");
headerImg.SetAbsolutePosition(0, 750);
headerImg.ScaleAbsolute(500f, 100.00f);
document.Add(headerImg);
document.Close();
writer.Close();
ms.Position = 0;
fsr = File(ms, "application/pdf", "test.pdf");
return fsr;
}
I am trying to send a large file using FileStreamResult -
return new UnbufferedFileStreamResult(new FileStream(apiResponse.url, FileMode.Open, FileAccess.Read), "text/csv") { FileDownloadName = new FileInfo(apiResponse.url).Name };
The UnbufferedFileStreamResult is:
public class UnbufferedFileStreamResult : FileStreamResult {
public UnbufferedFileStreamResult(Stream fileStream, string contentType) : base(fileStream, contentType) {
}
public override void ExecuteResult(ActionContext context) {
context.HttpContext.DisableOutputBuffering();
base.ExecuteResult(context);
}
}
This seems to work for files up to a certain size, but if they get too big I get the following exception:
System.IO.IOException: Stream was too long.
at System.IO.MemoryStream.Write(Byte[] buffer, Int32 offset, Int32 count)
at System.IO.MemoryStream.WriteAsync(Byte[] buffer, Int32 offset, Int32 count, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Http.Extensions.StreamCopyOperation.CopyToAsync(Stream source, Stream destination, Nullable`1 count, Int32 bufferSize, CancellationToken cancel)
at Microsoft.AspNetCore.Mvc.Infrastructure.FileResultExecutorBase.WriteFileAsync(HttpContext context, Stream fileStream, RangeItemHeaderValue range, Int64 rangeLength)
at Microsoft.AspNetCore.Mvc.Infrastructure.FileStreamResultExecutor.ExecuteAsync(ActionContext context, FileStreamResult result)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeResultAsync(IActionResult result)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResultFilterAsync[TFilter,TFilterAsync]()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResultExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State& next, Scope& scope, O
So it appears that FileStreamResultExecutorBase is copying my file stream into a memory stream before it goes to the http output stream. My questions are 1) why is it doing this, 2) how can I prevent this behavior, and 3) are there implementations of results like FileStreamResult that can read directly from the input stream to the output stream without copying to memory first?
I have problem sending jwt token too a wcf service.
Have followed this and it almost works.
Delivering a JWT SecurityToken to a WCF client
So i send a GenericXmlSecurityToken as in the link above.
And have created the following handler:
public class CustomJwtSecurityTokenHandler : JwtSecurityTokenHandler
{
public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
{
var jwtToken = (JwtSecurityToken)(token);
SecurityToken securityToken;
var principal = ValidateToken(jwtToken.RawData, new TokenValidationParameters(), out securityToken);
var collection = new ReadOnlyCollection<ClaimsIdentity>(principal.Identities.ToList());
return collection;
}
public override ClaimsPrincipal ValidateToken(string jwt, TokenValidationParameters validationParameters, out SecurityToken token)
{
validationParameters.ValidateAudience = false;
validationParameters.ValidateIssuer = false;
var certificateBytes = Convert.FromBase64String("long text...");
validationParameters.IssuerSigningKey = new X509SecurityKey(new X509Certificate2(certificateBytes));
return base.ValidateToken(jwt, validationParameters, out token);
}
}
So far everything works the token validates, but after this something happens.
The server throws
System.ServiceModel.Security.MessageSecurityException : Message security verification failed. System.IndexOutOfRangeException: The index was outside the bounds of the array.
StackTrace of innerexception
<StackTrace>
at System.Xml.XmlBufferReader.GetChars(Int32 offset, Int32 length, Char[] chars)
at System.Xml.XmlBufferReader.GetString(Int32 offset, Int32 length)
at System.Xml.StringHandle.GetString()
at System.Xml.XmlBaseReader.ReadEndElement()
at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout)
at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout)
</StackTrace>
This might be an issue in WCF.
See: How to use JWT tokens with WCF and WIF?
A potential workaround might be to transport the JWT as a claim in a GenericXmlSecurityToken, as proposed by http://leastprivilege.com/2015/07/02/give-your-wcf-security-architecture-a-makeover-with-identityserver3/
I am calling this from a silverlight app:
// docs at: http://developers.facebook.com/docs/reference/api/post
var client = new FacebookClient(_token);
dynamic parameters = new ExpandoObject();
parameters.message = title;
parameters.link = linkUrl;
parameters.picture = imageUrl;
parameters.name = name;
parameters.caption = promptTitle;
parameters.description = description;
parameters.privacy = new
{
value = "ALL_FRIENDS",
};
client.PostAsync("me/feed", parameters);
This generates the following error:
Attempt by security transparent method 'SimpleJson.Reflection.CacheResolver.CreateDynamicMethod(System.String, System.Type, System.Type[], System.Type)' to access security critical method 'System.Reflection.Emit.DynamicMethod..ctor(System.String, System.Type, System.Type[], System.Type, Boolean)' failed.
-- more: --
{System.MethodAccessException: Attempt by security transparent method 'SimpleJson.Reflection.CacheResolver.CreateDynamicMethod(System.String, System.Type, System.Type[], System.Type)' to access security critical method 'System.Reflection.Emit.DynamicMethod..ctor(System.String, System.Type, System.Type[], System.Type, Boolean)' failed.
at SimpleJson.Reflection.CacheResolver.CreateDynamicMethod(String name, Type returnType, Type[] parameterTypes, Type owner)
at SimpleJson.Reflection.CacheResolver.CreateGetHandler(PropertyInfo propertyInfo)
at SimpleJson.Reflection.CacheResolver.MemberMap..ctor(PropertyInfo propertyInfo)
at SimpleJson.PocoJsonSerializerStrategy.BuildMap(Type type, SafeDictionary2 memberMaps)
at SimpleJson.DataContractJsonSerializerStrategy.BuildMap(Type type, SafeDictionary2 map)
at SimpleJson.Reflection.CacheResolver.LoadMaps(Type type)
at SimpleJson.PocoJsonSerializerStrategy.TrySerializeUnknownTypes(Object input, Object& output)
at SimpleJson.PocoJsonSerializerStrategy.SerializeNonPrimitiveObject(Object input, Object& output)
at SimpleJson.SimpleJson.SerializeValue(IJsonSerializerStrategy jsonSerializerStrategy, Object value, StringBuilder builder)
at SimpleJson.SimpleJson.SerializeObject(Object json, IJsonSerializerStrategy jsonSerializerStrategy)
at SimpleJson.SimpleJson.SerializeObject(Object json)
at Facebook.JsonSerializer.SimpleJsonSerializer.SerializeObject(Object obj)
at Facebook.FacebookUtils.ToJsonQueryString(IDictionary2 dictionary)
at Facebook.FacebookClient.BuildRequestData(Uri uri, IDictionary2 parameters, HttpMethod httpMethod, Uri& requestUrl, String& contentType)
at Facebook.FacebookClient.BuildRequestData(String path, IDictionary2 parameters, HttpMethod method, Uri& requestUrl, String& contentType)
at Facebook.FacebookClient.ApiAsync(String path, IDictionary2 parameters, HttpMethod httpMethod, Object userToken)
at Facebook.FacebookClient.PostAsync(String path, IDictionary2 parameters, Object userToken)
at Facebook.FacebookClient.PostAsync(String path, IDictionary2 parameters)
at CallSite.Target(Closure , CallSite , FacebookClient , String , Object )
at System.Dynamic.UpdateDelegates.UpdateAndExecuteVoid3[T0,T1,T2](CallSite site, T0 arg0, T1 arg1, T2 arg2)
was a bug with the sdk at that time. has been fixed since.
I have occasional exception when reading / storing objects with Amazon S3 from asp.net application.
Exception says:
Unable to read data from the transport connection: A blocking operation was interrupted by a call to WSACancelBlockingCall. A blocking operation was interrupted by a call to WSACancelBlockingCall
at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
Any ideas about how I can locate what is reason of this error?
here is my read function:
public Image GetImage(string fullKey, out string errorMessage)
{
errorMessage = null;
try
{
GetObjectResponse response = s3Client.GetObject(new GetObjectRequest()
{
BucketName = BucketName,
Key = fullKey,
Timeout = ImportTimeout
});
return Image.FromStream(response.ResponseStream);
}
catch (Exception e)
{
errorMessage = e.Message;
Log.Current.WriteError(e);
}
return null;
}
s3Client is initialised in constructor of this class:
s3Client = AWSClientFactory.CreateAmazonS3Client(AWSAccessKey, AWSSecretKey);
According to aws documentation it is correct to wrap call to GetObject with using:
http://docs.amazonwebservices.com/sdkfornet/latest/apidocs/html/M_Amazon_S3_AmazonS3_GetObject.htm
This eliminates all exceptions related to GetObject method