问题:
在AWS上连接到Windows Server服务总线
艾正浩
我正在使用新的Windows Server Service Bus 1.0测试版开始一个新项目的工作。我正在尝试在AWS EC2虚拟机上设置测试环境。
我已经在AWS EC2上运行的Windows Server 2008 R2html" target="_blank">实例上安装了服务总线,并根据MSDN文档中的示例设置了新的服务器场、容器和主机。我在服务器上打开了所有正确的端口(4443和9354)。我还按照[本页][1]中的说明将自行生成的证书导出到我的客户机上。
我有一个非常简单的C#程序,它可以创建队列、排队消息并接收它。当我把可执行文件复制到虚拟机并在那里运行时,这个程序运行得很好,所以我相信我正确地使用了API。但是,当我从指向AWS服务器的本地开发框运行程序时,会出现安全异常。
我的代码如下所示:
var servername = "X.X.X.X"; // <-- An IP Address, not FQDN
var sbNamespace = "MyNamespace";
var httpPort = 4446;
var tcpPort = 9354;
//create SB uris
var rootAddressManagement = ServiceBusEnvironment.CreatePathBasedServiceUri("sb", sbNamespace, string.Format("{0}:{1}", servername, httpPort));
var rootAddressRuntime = ServiceBusEnvironment.CreatePathBasedServiceUri("sb", sbNamespace, string.Format("{0}:{1}", servername, tcpPort));
var tokenProvider = TokenProvider.CreateWindowsTokenProvider(new List<Uri>() { rootAddressManagement });
var namespaceManager = new NamespaceManager(rootAddressManagement,
new NamespaceManagerSettings()
{
TokenProvider = tokenProvider
});
var factory = MessagingFactory.Create(rootAddressRuntime,
new MessagingFactorySettings()
{
TokenProvider = tokenProvider,
//OperationTimeout = TimeSpan.FromMinutes(30)
});
if (!namespaceManager.QueueExists("OrderQueue")) <-- EXCEPTION OCCURRS HERE
{
// Code to create a queue that is never reached.
}
我的异常跟踪如下所示:
[Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations+GetAsyncResult`1[[Microsoft.ServiceBus.Messaging.QueueDescription, Microsoft.ServiceBus, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]] IteratorAsyncResult failed to move to the next step due to an exception; System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
--- End of inner exception stack trace ---
at Microsoft.ServiceBus.TokenProviderHelper.ThrowException(Uri requestUri, WebException exception)
at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
at Microsoft.ServiceBus.WindowsTokenProvider.OnBeginGetWebToken(String appliesTo, String action, TimeSpan timeout, AsyncCallback callback, Object state)
at Microsoft.ServiceBus.TokenProvider.GetWebTokenAsyncResult..ctor(TokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
at Microsoft.ServiceBus.TokenProvider.BeginGetWebToken(String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
--- End of inner exception stack trace ---
at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
at Microsoft.ServiceBus.Messaging.HttpWebRequestExtensions.AddAuthorizationHeader(HttpWebRequest request, ITokenProvider tokenProvider, Uri baseAddress, String action)
at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult`1.<GetAsyncSteps>d__c.MoveNext()
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.MoveNextStep()
A first chance exception of type 'System.UnauthorizedAccessException' occurred in Microsoft.ServiceBus.dll
System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://107.23.15.5:4446/APIHealthcare/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
--- End of inner exception stack trace ---
at Microsoft.ServiceBus.TokenProviderHelper.ThrowException(Uri requestUri, WebException exception)
at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
at Microsoft.ServiceBus.WindowsTokenProvider.OnBeginGetWebToken(String appliesTo, String action, TimeSpan timeout, AsyncCallback callback, Object state)
at Microsoft.ServiceBus.TokenProvider.GetWebTokenAsyncResult..ctor(TokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
at Microsoft.ServiceBus.TokenProvider.BeginGetWebToken(String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
--- End of inner exception stack trace ---
Server stack trace:
at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
at Microsoft.ServiceBus.Messaging.HttpWebRequestExtensions.AddAuthorizationHeader(HttpWebRequest request, ITokenProvider tokenProvider, Uri baseAddress, String action)
at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult`1.<GetAsyncSteps>d__c.MoveNext()
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.MoveNextStep()
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.Start()
Exception rethrown at [0]:
at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.End(IAsyncResult asyncResult)
at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.EndGet[TEntityDescription](IAsyncResult asyncResult)
at Microsoft.ServiceBus.NamespaceManager.OnEndQueueExists(IAsyncResult result)
at Microsoft.ServiceBus.NamespaceManager.EndQueueExists(IAsyncResult result)
at Microsoft.ServiceBus.NamespaceManager.QueueExists(String path)
at ServiceBusSandbox.ServiceBusSampleApp.CreateAQueue(NamespaceManager namespaceManager) in c:\Users\cent049\Documents\Visual Studio 2012\Projects\ServiceBusSandbox\ServiceBusSandbox\ServiceBusSampleApp.cs:line 15
at ServiceBusSandbox.ServiceBusSampleApp.Main(String[] args) in c:\Users\cent049\DocumentThe thread 'vshost.RunParkingWindow' (0x2608) has exited with code 0 (0x0).
我有一种预感,问题是我正在使用VM的IP地址而不是FQDN进行连接,但是我不知道如何确认这一点,也不知道如何获取AWS服务器的域名。服务器有一个机器名,但只是在工作组“workgroup”上,而不是在域上。
我们将不胜感激。
共有3个答案
郭永安
是的,你的直觉是正确的。您遇到了该问题,因为服务器使用的证书已颁发给计算机的FQDN,并且使用IP将导致证书名称不匹配。
短期内,您可以通过使用证书验证回调来忽略错误来解决这个问题:http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx
长期来看,您可能希望检查如何获取VM的外部名称,并使用与之匹配的证书。
武琛
我有坏消息和好消息。坏消息是无法使用microsoft.servicebus.dll方法发送消息。对我来说,我无法使用微软连接Windows服务总线windows.servicebus.dll.当我尝试发送消息时,我卡在sendmail操作上,无法继续超过该点。我怀疑问题是通过代理背后的超文本传输协议发布到Azure服务总线,这是当前版本中的一个错误。
好消息是,我成功地使用RESTAPI完成了所有服务总线操作。
首先,使用Microsoft提供的以下代码示例获取身份验证令牌。
http://msdn.microsoft.com/en-us/library/windowsazure/jj193003(v=azure.10)。aspx
一旦u得到令牌其余的操作(创建que,发送消息,命令消息)与windows azure服务总线相同。请参阅有关microsoft留档服务总线操作的详细信息。
http://msdn.microsoft.com/en-us/library/windowsazure/hh690927.aspx希望这有帮助。谢谢。
崔博延
使用CreateOAuthTokenProvider而不是CreateWindowsTokenProvider。
- 首先,您需要在机器中创建一个帐户:rootAddressManagement
- 将新创建的帐户添加为命名空间的管理用户。设置SBNamespace-名称为“YourNamespace”-管理您的用户
- 由于您使用的是ipaddress,请在调用SB之前添加证书验证代码。ServicePointManager。ServerCertificateValidationCallback=新的RemoteCertificateValidationCallback((s、cert、chain、ssl)=
注意:不要将机器名称指定为YourUser的一部分
类似资料:
-
我需要将一条消息从运行在SQL Server2014下的SSIS包放入Azure ServiceBus队列中。正如本文所建议的:从ssis连接到azure服务总线队列,我编写了一个引用“azure SDK2.9”的脚本任务。这种方法适用于Azure存储帐户处理Blob(引用Microsoft.WindowsAzure.Storage程序集),但不适用于Azure存储总线(引用Microsoft.S
-
我正在尝试运行节点。亚马逊AWS Ec2微实例上的js服务器和Redis服务器。 我已经安装了Redis Server,Redis Server命令运行良好。 我使用“永远”来保持Redis-Server运行。它工作正常。 但当我启动节点服务器时,它无法连接到Redis服务器。 它给出了以下错误- 做一个“永久列表”表明redis服务器运行良好。 我已经验证了当redis-server启动时,它从
-
我需要使用SAS令牌连接到Azure服务总线(生成并连接)。 我没有看到任何关于python实现的东西。 此链接提供Eventhubs的实现- https://docs.microsoft.com/en-us/rest/api/eventhub/generate-sas-token#python 不确定在哪里可以找到servicebus的python实现。
-
我要问的问题以前在这里被问过。David Ingham在背诵此Microsoft文档时给出了答案。Sentinel已确认该解决方案有效。 然而,我也有同样的问题。我严格遵守Microsoft文档,但仍然存在相同的问题。 冒着冗余的风险,问题是当使用Qpid-JMS客户端库(版本0.22或0.26)连接到Windows Server(非Azure)上的服务总线(1.1)并遵循Microsoft的所有
-
我有两个问题: > 我有父/子关系(配置为联接数据类型字段)。请某人提供文档或解释,如何使用ElasticsearchRestTemplate或ElasticsearchOperations正确插入/更新父记录和子记录? 谢谢,最好的问候,罗伯特
-
我创建了一个主机名为“%”的外部用户,以允许远程访问。我在将本地MySQL连接到远程AWS RDS时遇到以下错误: 错误2003(HY000):无法连接到'instance.cvxqy8tbi2bk.us-east-1.rds.amazonaws.com'上的MySQL服务器(110)。 我尝试注释,但没有解决方案。有什么线索吗?