D365 FO第三方访问https证书问题
D365FO采用https,第三方通过API调用的时候,客户端不见得信任D365FO的证书,调用时候会报
基础连接已关闭,发送时发生错误,调用堆栈如下:
1 at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) 2 at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count) 3 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 4 at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) 5 at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) 6 at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) 7 at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) 8 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) 9 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) 10 at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) 11 at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) 12 at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) 13 at System.Net.ConnectStream.WriteHeaders(Boolean async)
从调用堆栈看,应该是跟SSL验证有关系。
当然有时候还会直接报
基础连接已经关闭: 未能为 SSL/TLS 安全通道建立信任关系
这个就更直接了。
网上有很多解决办法,目的是让https请求跳过客户端对SSL证书的验证。
1 ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; 2 ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback( 3 (object caller, 4 X509Certificate certifacate, 5 X509Chain chain, 6 SslPolicyErrors erros) => { return true; }); 7 var request = HttpWebRequest.Create(url);
这段代码一定要放到HttpWebRequest之前,要不然回调的时候调不到方法。
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
这一句也是必须的,D365的协议版本是Tls12,指定别的版本也不会跳过检查。