3

我正在使用新的 Windows Server Service Bus 1.0 Beta 开始一个新项目的工作。我正在尝试在 AWS EC2 虚拟机上设置测试环境。

我已经在 AWS EC2 上运行的 Windows Server 2008 R2 实例上安装了服务总线,并根据 MSDN 文档中的示例设置了新的农场、容器和主机。我在服务器上打开了所有正确的端口(4443 和 9354)。我还按照 [this page][1] 中的说明将自行生成的证书导出到我的客户端计算机上。

我有一个非常简单的 C# 程序,它创建一个队列、对消息进行排队并接收它。当我将可执行文件复制到 VM 并在那里运行时,该程序运行良好,因此我相信我正确使用了 API。但是,当我从指向 AWS 服务器的本地开发框运行程序时,我会遇到安全异常。

我的代码如下所示: 

var servername = "X.X.X.X"; // <-- An IP Address, not FQDN
var sbNamespace = "MyNamespace";
var httpPort = 4446;
var tcpPort = 9354;

//create SB uris
var rootAddressManagement = ServiceBusEnvironment.CreatePathBasedServiceUri("sb", sbNamespace, string.Format("{0}:{1}", servername, httpPort));
var rootAddressRuntime = ServiceBusEnvironment.CreatePathBasedServiceUri("sb", sbNamespace, string.Format("{0}:{1}", servername, tcpPort));

var tokenProvider = TokenProvider.CreateWindowsTokenProvider(new List<Uri>() { rootAddressManagement });
var namespaceManager = new NamespaceManager(rootAddressManagement, 
    new NamespaceManagerSettings()
    {
        TokenProvider = tokenProvider
    });
var factory = MessagingFactory.Create(rootAddressRuntime,
    new MessagingFactorySettings()
    {
        TokenProvider = tokenProvider,
        //OperationTimeout = TimeSpan.FromMinutes(30)
    });

if (!namespaceManager.QueueExists("OrderQueue")) <-- EXCEPTION OCCURRS HERE
{
    // Code to create a queue that is never reached.
}

我的异常跟踪如下所示:

[Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations+GetAsyncResult`1[[Microsoft.ServiceBus.Messaging.QueueDescription, Microsoft.ServiceBus, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]] IteratorAsyncResult failed to move to the next step due to an exception; System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
   --- End of inner exception stack trace ---
   at Microsoft.ServiceBus.TokenProviderHelper.ThrowException(Uri requestUri, WebException exception)
   at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
   at Microsoft.ServiceBus.WindowsTokenProvider.OnBeginGetWebToken(String appliesTo, String action, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProvider.GetWebTokenAsyncResult..ctor(TokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProvider.BeginGetWebToken(String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
   --- End of inner exception stack trace ---
   at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
   at Microsoft.ServiceBus.Messaging.HttpWebRequestExtensions.AddAuthorizationHeader(HttpWebRequest request, ITokenProvider tokenProvider, Uri baseAddress, String action)
   at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult`1.<GetAsyncSteps>d__c.MoveNext()
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.MoveNextStep()
A first chance exception of type 'System.UnauthorizedAccessException' occurred in Microsoft.ServiceBus.dll
System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
   --- End of inner exception stack trace ---
   at Microsoft.ServiceBus.TokenProviderHelper.ThrowException(Uri requestUri, WebException exception)
   at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
   at Microsoft.ServiceBus.WindowsTokenProvider.OnBeginGetWebToken(String appliesTo, String action, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProvider.GetWebTokenAsyncResult..ctor(TokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProvider.BeginGetWebToken(String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
   at Microsoft.ServiceBus.Messaging.HttpWebRequestExtensions.AddAuthorizationHeader(HttpWebRequest request, ITokenProvider tokenProvider, Uri baseAddress, String action)
   at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult`1.<GetAsyncSteps>d__c.MoveNext()
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.MoveNextStep()
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.Start()

Exception rethrown at [0]: 
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.End(IAsyncResult asyncResult)
   at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.EndGet[TEntityDescription](IAsyncResult asyncResult)
   at Microsoft.ServiceBus.NamespaceManager.OnEndQueueExists(IAsyncResult result)
   at Microsoft.ServiceBus.NamespaceManager.EndQueueExists(IAsyncResult result)
   at Microsoft.ServiceBus.NamespaceManager.QueueExists(String path)
   at ServiceBusSandbox.ServiceBusSampleApp.CreateAQueue(NamespaceManager namespaceManager) in c:\Users\cent049\Documents\Visual Studio 2012\Projects\ServiceBusSandbox\ServiceBusSandbox\ServiceBusSampleApp.cs:line 15
   at ServiceBusSandbox.ServiceBusSampleApp.Main(String[] args) in c:\Users\cent049\DocumentThe thread 'vshost.RunParkingWindow' (0x2608) has exited with code 0 (0x0).

我有一种预感,问题是我使用虚拟机的 IP 地址而不是 FQDN 进行连接,但是我不知道如何确认,也不知道如何为我的 AWS 服务器获取域名。服务器有一个机器名称,但只是在工作组“WORKGROUP”上,而不是在域上。

任何和所有的帮助将不胜感激。

4

4 回答 4

8

使用 CreateOAuthTokenProvider 而不是 CreateWindowsTokenProvider。

  1. 首先,您需要在机器中创建一个帐户:rootAddressManagement。
  2. 将新创建的帐户添加为命名空间的管理用户。Set-SBNamespace -Name "YourNamespace" -Manage YourUser
  3. 由于您使用的是 IP 地址,因此请在调用 SB 之前添加证书验证代码。ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback((s, cert, chain, ssl) => {return true; });
  4. 三、使用 TokenProvider.CreateOAuthTokenProvider(new List() { rootAddressManagement }, new NetworkCredential("YouUser", "YouPassword"));

注意:不要将机器名称指定为 YourUser 的一部分

于 2012-09-18T16:33:38.087 回答
2

我得到了坏消息和好消息。坏消息是无法使用 microsoft.servicebus.dll 方法发送消息。对我来说,我无法使用 microsoft windows.servicebus.dll 连接 Windows 服务总线。当我尝试发送消息时,我卡在了 sendmessage 操作上,无法继续进行。我怀疑问题是 通过代理后面的 http 发布到 Azure 服务总线, 这是当前版本中的一个错误。

好消息是我设法使用 rest api 完成所有服务总线操作。

首先是使用 microsft 提供的以下代码示例获取身份验证令牌。

http://msdn.microsoft.com/en-us/library/windowsazure/jj193003%28v=azure.10%29.aspx

一旦您获得令牌,其余操作(创建队列、发送消息、接收消息)与 Windows azure 服务总线相同。请参阅有关服务总线操作的 microsoft 文档的详细信息。

http://msdn.microsoft.com/en-us/library/windowsazure/hh690927.aspx 希望这有帮助。谢谢。

于 2012-10-17T22:56:00.300 回答
0

是的,你的预感是正确的。您遇到了该问题,因为服务器使用的证书颁发给机器的 FQDN,并且使用 IP 将导致证书名称不匹配。

短期内,您可以通过使用 CertificateValidation 回调忽略错误来解决此问题:http: //msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

从长远来看,您可能想要检查如何获取 VM 的外部名称,并使用与之匹配的证书。

于 2012-09-18T16:36:22.127 回答
0

我陷入了同样的错误。我按照第二篇文章中描述的步骤进行操作。但最终以“这让我更进一步。我的应用程序确实连接并创建了队列,但在尝试将消息放入队列时失败了。我现在收到的消息是:System.IdentityModel.Tokens。 SecurityTokenValidationException: X.509 证书 CN= MACHINE_NAME不在受信任的人员存储中。X.509 证书 CN= MACHINE_NAME链构建失败。使用的证书具有无法验证的信任链。更换证书或更改certificateValidationMode。吊销功能无法检查证书的吊销。

于 2012-10-15T23:23:03.560 回答