我们在本地网络机器上部署了Web服务(asp.net core mvc)。我们正尝试使用部署在Azure上的App Service来调用这些WEB API。但是当我们尝试使用“HTTP”协议连接它时,它会给出超时错误或任务被取消错误。在“HTTPS”的情况下,它给出“发生安全错误错误”。
我们在Azure App Service上创建了Hybrid连接,以连接到onpremise web api服务,该服务在线显示80和443端口。我们也在本地网络机器上设置了Hybrid Connection Manager。
以下是用于调用代码的代码段,该代码段部署在Azure App Service上(例如https://xyz.azurewebsite.com)
try
{
var httpClient = new HttpClient();
httpClient.Timeout = TimeSpan.FromMinutes(60);
httpClient.BaseAddress = new Uri("https://onpremise");
httpClient.DefaultRequestHeaders.Accept.Clear();
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
//Simple Get Request to test on-premise service
var response = await httpClient.GetStringAsync("api/OnPremiseData/GetData");
ViewBag.ResponseText = response;
}
如果我从localhost调试应用程序,上面的代码工作正常。所以我假设的代码没有问题。
以下是web api代码段:
[Route("api/[controller]/[action]")]
public class OnPremiseDataController : Controller
{
[HttpGet]
public string GetData()
{
return "Success";
}
}
以下是startup.cs文件
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseCors(options => options.WithOrigins("https://xyz.azurewebsite.com", "https://localhost:44310").AllowAnyMethod().AllowAnyHeader());
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseMvc();
}
我们有类似的场景(WebApp和SQL内部部署),其技巧是在内部部署机器上的Hybrid Connection Manager中使用端点的完全限定域名。
以下是上述问题的解决方案。基本上我已经解决了2个问题。
首先是使用FQDN(完全合格的域名)我能够连接到本地服务。在Azure上的混合连接中配置端点时,请确保使用FQDN。
其次,使用下面的代码行,我可以向内部部署服务器发出安全的HTTPS请求:
HttpMessageHandler handler = new HttpClientHandler
{
SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls,
ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => true
};
以下是上述问题的完整解决方案:
HttpMessageHandler handler = new HttpClientHandler
{
SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls,
ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => true
};
var httpClient = new HttpClient(handler);
httpClient.Timeout = TimeSpan.FromMinutes(60);
httpClient.BaseAddress = new Uri("https://onpremise");
httpClient.DefaultRequestHeaders.Accept.Clear();
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
//Simple Get Request to test on-premise service
var response = await httpClient.GetStringAsync("api/OnPremiseData/GetData");
ViewBag.ResponseText = response;