如何添加SSL到使用.NET应用程序的HttpListener

本文介绍了如何添加SSL到使用.NET应用程序的HttpListener - 它将*不*被运行在IIS的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

最近编辑在粗体 我现在用的是.NET 的HttpListener 类，但我不会在IIS上运行，而不是使用ASP我。这网站介绍了code实际使用来实现SSL与asp和本网站描述了如何设置证书（虽然我不知道，如果它仅适用于IIS与否）。

Most recent edits in bold I am using the HttpListener class, but I'm won't be running on IIS and am not using ASP. This web site describes what code to actual use to implement SSL with asp and this site describes how to set up the certificates (although I'm not sure if it works only for IIS or not).

类文档描述了不同类型的身份验证（基本，消化，Windows等）---没有人指SSL。它说，如果使用HTTPS，您将需要设置一个服务器证书的。难道这将是一个行属性设置和的HttpListener 计算出的休息吗？

The class documentation describes various types of authentication (basic, digest, Windows, etc.) --- none of them refer to SSL. It does say that if HTTPS is used, you will need to set a server certificate. Is this going to be a one line property setting and HttpListener figures out the rest?

总之，我需要知道如何设置的证书，以及如何修改code实现SSL。

In short, I need to know how to set up the certificates and how to modify the code to implement SSL.

尽管当我试图访问HTTPS不会发生，我也注意到在我的系统事件日志中的错误 - 源是Schannel中的消息的内容是：

Although it doesn't occur when I'm trying to access HTTPS, I did notice an error in my System Event log - the source is "Schannel" and the content of the message is:

尝试时出现了严重错误   访问SSL服务器证书   私钥。错误code返回   从加密模块是   0x80090016。

A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.

编辑： 步骤迄今所采取

• 创建一个在C＃中的作品，对HTTP连接工作的HttpListener（如的http：//本地主机：8089 /文件夹名/
• 在创建使用makecert.exe证书
• 添加到使用certmgr.exe被信任的证书
• 二手Httpcfg.exe监听测试端口（例如8090）
在SSL连接
• 新增通过监听器prefixes.Add端口8080到的HttpListener（的https：//本地主机：8090 /文件夹名/ ）;
• 在测试HTTP客户端连接，例如（的http：//本地主机：8089 /文件夹名/ ）在浏览器和接收正确的返回
• 在测试的HTTPS客户端连接，例如（的http：//本地主机：8090 /文件夹名/ ）在浏览器和接收数据传输中断（在Firefox）
• 调试在Visual Studio中显示，接收请求从未监听回调被击中的HTTPS连接启动的时候 - 我不明白，我可以设置一个断点赶上别的较早任何地方
。
• netstat的显示，监听端口是开放的HTTPS和HTTP。 HTTPS端口并进入TIME_WAIT尝试建立连接后。
• 提琴手和的 HTTPAnalyzer 没有发现任何的流量，我想这没有得到足够在此过程中展现出来的这些HTTP分析工具

• Created a working HTTPListener in C# that works for HTTP connections (e.g. "localhost:8089/foldername/"
• Created a certificate using makecert.exe
• Added the certificate to be trusted using certmgr.exe
• Used Httpcfg.exe to listen for SSL connections on a test port (e.g. 8090)
• Added port 8080 to the HTTPListener via listener.Prefixes.Add(localhost:8090/foldername/");
• tested an HTTP client connection, e.g. (localhost:8089/foldername/") in a browser and receive correct return
• tested an HTTPS client connection, e.g. (localhost:8090/foldername/") in a browser and receive "Data Transfer Interrupted" (in Firefox)
• debugging in visual studio shows that the listener callback that receives the requests never gets hit when the HTTPS connection starts - I don't see any place that I could set a breakpoint to catch anything else earlier.
• netstat shows that listening ports are open for both HTTPS and HTTP. the HTTPS port does go to TIME_WAIT after a connection is attempted.
• Fiddler and HTTPAnalyzer don't catch any of the traffic, I guess it doesn't get far enough in the process to show up in those HTTP analysis tools

问题

• 还有什么问题呢？
• 有一块净code我很想念（这意味着我必须做更多的在C＃以外只需添加一个preFIX为指向HTTPS监听器，这是我做了什么）
• 在有未接配置步骤的地方？
• 还有什么可能我做的分析问题？
• 是系统事件的错误信息记录问题的一个标志？如果是的话会是怎样修复？

推荐答案

我有一个类似的问题，而且似乎有可能是一个问题，证书本身。

I have a similar problem, and it seems that there could be a problem with certificate itself.

下面是为我工作的路径：

Here's the path that worked for me:

makecert.exe -r -a sha1 -n CN=localhost -sky exchange -pe -b 01/01/2000 -e 01/01/2050 -ss my -sr localmachine

再看看证书指纹，将其复制到剪贴板，删除空格。 -h在下一命令后，这将是一个参数：

then look up certificate thumbprint, copy it to the clipboard and remove spaces. This will be a parameter after -h in the next command:

HttpCfg.exe set ssl -i 0.0.0.0:801 -h 35c65fd4853f49552471d2226e03dd10b7a11755

然后在HTTPS运行服务的主机：//本地主机：801 /和它完美的作品

then run a service host on localhost:801/ and it works perfectly.

我不能让工作是HTTPS对自我生成的证书运行。这里的code我运行生成一个（错误处理取出来的清晰度）：

what I cannot make work is for https to run on self-generated certificate. Here's the code I run to generate one (error handling taken out for clarity):

LPCTSTR pszX500 = subject; DWORD cbEncoded = 0; CertStrToName(X509_ASN_ENCODING, pszX500, CERT_X500_NAME_STR, NULL, pbEncoded, &cbEncoded, NULL); pbEncoded = (BYTE *)malloc(cbEncoded); CertStrToName(X509_ASN_ENCODING, pszX500, CERT_X500_NAME_STR, NULL, pbEncoded, &cbEncoded, NULL); // Prepare certificate Subject for self-signed certificate CERT_NAME_BLOB SubjectIssuerBlob; memset(&SubjectIssuerBlob, 0, sizeof(SubjectIssuerBlob)); SubjectIssuerBlob.cbData = cbEncoded; SubjectIssuerBlob.pbData = pbEncoded; // Prepare key provider structure for self-signed certificate CRYPT_KEY_PROV_INFO KeyProvInfo; memset(&KeyProvInfo, 0, sizeof(KeyProvInfo)); KeyProvInfo.pwszContainerName = _T("my-container"); KeyProvInfo.pwszProvName = NULL; KeyProvInfo.dwProvType = PROV_RSA_FULL; KeyProvInfo.dwFlags = CRYPT_MACHINE_KEYSET; KeyProvInfo.cProvParam = 0; KeyProvInfo.rgProvParam = NULL; KeyProvInfo.dwKeySpec = AT_SIGNATURE; // Prepare algorithm structure for self-signed certificate CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm; memset(&SignatureAlgorithm, 0, sizeof(SignatureAlgorithm)); SignatureAlgorithm.pszObjId = szOID_RSA_SHA1RSA; // Prepare Expiration date for self-signed certificate SYSTEMTIME EndTime; GetSystemTime(&EndTime); EndTime.wYear += 5; // Create self-signed certificate pCertContext = CertCreateSelfSignCertificate(NULL, &SubjectIssuerBlob, 0, &KeyProvInfo, &SignatureAlgorithm, 0, &EndTime, 0); hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"MY"); CertAddCertificateContextToStore(hStore, pCertContext, CERT_STORE_ADD_REPLACE_EXISTING, 0);

证书显示精细，它有一个工作私钥，但HTTPS会超时，如果指纹从来没有登记。如果有谁知道这是为什么 - 嘿评论

Certificate shows fine and it has a working private key, but https will timeout as if thumbprint was never registered. If anyone knows why - plz comment

EDIT1 ：经过一番摆弄，我已经找到了初始化CertCreateSelfSignCertificate产生正确的证书：

EDIT1: After some playing around, I have found the initialization for CertCreateSelfSignCertificate which generates proper certificate:

CRYPT_KEY_PROV_INFO KeyProvInfo; memset(&KeyProvInfo, 0, sizeof(KeyProvInfo)); KeyProvInfo.pwszContainerName = _T("my-container"); KeyProvInfo.pwszProvName = _T("Microsoft RSA SChannel Cryptographic Provider"); KeyProvInfo.dwProvType = PROV_RSA_SCHANNEL; KeyProvInfo.dwFlags = CRYPT_MACHINE_KEYSET; KeyProvInfo.cProvParam = 0; KeyProvInfo.rgProvParam = NULL; KeyProvInfo.dwKeySpec = AT_KEYEXCHANGE;