SslStream FtpWebRequest - SSPI failed - The token supplied to the function is invalid


  1. #1
    Trial member, registered November 2007, 28 posts, 15 points
    SslStream FtpWebRequest - SSPI failed - The token supplied to the function is invalid

    Hello,

    I haven't found a discussion in French on this subject, and the English-language forums don't give me enough detail, so thank you for your help.

    I want to connect to an FTPS server in explicit mode with client/server authentication at the SSL layer.

    I systematically get the following error when I use the TcpClient+SslStream layer or FtpWebRequest:

    System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The token supplied to the function is invalid
    --- End of inner exception stack trace ---
    at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
    at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
    at CCDS.FRAMEWORK.DataAccess.Ftp.Generic.FtpControlConnection.ConnectionServer() in D:\Drivers\CCDS Packages\certificat\NET-COMMON\CCDS.FRAMEWORK\DataAccess\Ftp\Generic\FtpControlConnection.cs:line 81
    at CCDS.FRAMEWORK.DataAccess.Ftp.Generic.FtpControlConnection.Connexion() in D:\Drivers\CCDS Packages\certificat\NET-COMMON\CCDS.FRAMEWORK\DataAccess\Ftp\Generic\FtpControlConnection.cs:line 34
    at CCDS.FRAMEWORK.DataAccess.Ftp.Generic.FtpFactory.ListDirectory(String directory, String masque) in D:\Drivers\CCDS Packages\certificat\NET-COMMON\CCDS.FRAMEWORK\DataAccess\Ftp\Generic\FtpFactory.cs:line 40
    In addition, here is my code:

    Test 1:
    Code:
                    X509Certificate cer1 = new X509Certificate("D:\\Drivers\\CCDS Packages\\certificat\\certificat-prive.pfx", "azerty");
                    ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(OnCertificateValidation);
     
                    FtpWebRequest request = (FtpWebRequest)FtpWebRequest.Create("ftp://xxx.xxx.xxx.xx:21/");
                    request.Credentials = new NetworkCredential("xxxxxx", "xxxxxxxx");
                    request.EnableSsl = true;
                    request.ClientCertificates.Add(cer1);
                    request.Proxy = null;
                    request.UseBinary = true;
                    request.UsePassive = true;
                    request.KeepAlive = false;
     
                    request.Method = WebRequestMethods.Ftp.ListDirectory;
     
                    StringCollection list = new StringCollection();
                    FtpWebResponse response = (FtpWebResponse)request.GetResponse();
                    try
                    {
                        using (StreamReader read = new StreamReader(response.GetResponseStream()))
                        {
                            while (!read.EndOfStream) list.Add(read.ReadLine());
                            read.Close();
                        }
                        response.Close();
                    }
                    catch
                    {
                        response.Close();
                        throw;
                    }
    Code:
            public static bool OnCertificateValidation(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
            { 
                return true; 
            }
    Test 2:
    Code:
                X509Certificate2 cer = new X509Certificate2("D:\\Drivers\\CCDS Packages\\certificat\\RSFRLB-CCDALL1D-prive.pfx", "azerty");
                X509CertificateCollection collection = new X509CertificateCollection();
                collection.Add(cer);
     
                _tcp = new TcpClient();
                _tcp.NoDelay = true;
                System.Net.IPAddress ip = new System.Net.IPAddress(new byte[]{xxx, xxx, xxx, xxx});
                _tcp.Connect(ip, 21);
                _stream = _tcp.GetStream();
     
     
                if (_type == FtpConnectionType.SECURE_IMPLICIT)
                {
                    SslStream ssl = new SslStream(_tcp.GetStream(), false, new RemoteCertificateValidationCallback(OnCertificateValidation), null);
                    ssl.AuthenticateAsClient(
                         System.Environment.MachineName,
                         collection,
                         System.Security.Authentication.SslProtocols.Ssl3 | System.Security.Authentication.SslProtocols.Tls,
                         true);
     
                    _stream = ssl;            
                }
                if (_type == FtpConnectionType.SECURE_EXPLICIT)
                {
                    WebResponse();
     
                    WebRequest(FtpCommands.AUTH, "TLS");
                    WebResponse();
     
                    SslStream ssl = new SslStream(
                        _tcp.GetStream(), 
                        false, 
                        new RemoteCertificateValidationCallback(OnCertificateValidation),
                        new LocalCertificateSelectionCallback(OnCertificateSelection));
                    ssl.AuthenticateAsClient(
                         System.Environment.MachineName,
                         collection,
                         System.Security.Authentication.SslProtocols.Ssl3 | System.Security.Authentication.SslProtocols.Tls,
                         false);
     
                    _stream = ssl;            
     
                }
     
                WebResponse();
    Code:
     
            private static bool OnCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
            {
                Trace.TraceVerbose("CCDS.FRAMEWORK.DataAccess.Ftp.Generic", "FtpControlConnection", "OnCertificateValidation");
                return true;
            }
            public static X509Certificate OnCertificateSelection(
                                    Object sender,
                                    string targetHost,
                                    X509CertificateCollection localCertificates,
                                    X509Certificate remoteCertificate,
                                    string[] acceptableIssuers
                                )
            {
                return (localCertificates.Count != 0 )?localCertificates[0]:null;
            }
    The TCP connection is established and the FTP commands are sent. The error occurs at the time of the SSL connection.
    In addition, I am using a self-signed certificate for this operation.

    My hypothesis: either I am not passing the right arguments to the classes, or my certificates are invalid.

    Thank you for your help.

  2. #2
    Trial member, registered November 2007, 28 posts, 15 points
    Additional information

    In addition, the .NET trace:

    System.Net Verbose: 0 : [4496] WebRequest::Create(ftp://xxx.xxx.xxx.xx/)
    System.Net Information: 0 : [4496] FtpWebRequest#57352375::.ctor(ftp://xxx.xxx.xxx.xx/)
    System.Net Verbose: 0 : [4496] Exiting WebRequest::Create() -> FtpWebRequest#57352375
    System.Net Verbose: 0 : [4496] FtpWebRequest#57352375::GetResponse()
    System.Net Information: 0 : [4496] FtpWebRequest#57352375::GetResponse(Method=NLST.)
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Socket(InterNetwork#2)
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Socket()
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Connect(45:21#771452372)
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Connect()
    System.Net Information: 0 : [4496] Associating FtpWebRequest#57352375 with FtpControlStream#41014879
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Receive()
    System.Net.Sockets Verbose: 0 : [4496] Data from Socket#2637164::Receive
    System.Net.Sockets Verbose: 0 : [4496] 00000000 : 32 32 30 20 47 49 53 20-46 54 50 20 53 65 72 76 : 220 GIS FTP Serv
    System.Net.Sockets Verbose: 0 : [4496] 00000010 : 65 72 20 28 6A 61 76 61-20 2D 31 2E 31 2E 30 30 : er (java -1.1.00
    System.Net.Sockets Verbose: 0 : [4496] 00000020 : 29 20 72 65 61 64 79 2E-0D 0A : ) ready...
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Receive() -> 42#42
    System.Net Information: 0 : [4496] FtpControlStream#41014879 - Received response [220 GIS FTP Server (java -1.1.00) ready.]
    System.Net Information: 0 : [4496] FtpControlStream#41014879 - Sending command [AUTH TLS]
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Send()
    System.Net.Sockets Verbose: 0 : [4496] Data from Socket#2637164::Send
    System.Net.Sockets Verbose: 0 : [4496] 00000000 : 41 55 54 48 20 54 4C 53-0D 0A : AUTH TLS..
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Send() -> 10#10
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Receive()
    System.Net.Sockets Verbose: 0 : [4496] Data from Socket#2637164::Receive
    System.Net.Sockets Verbose: 0 : [4496] 00000000 : 32 33 34 20 53 65 63 75-72 69 74 79 20 64 61 74 : 234 Security dat
    System.Net.Sockets Verbose: 0 : [4496] 00000010 : 61 20 65 78 63 68 61 6E-67 65 20 63 6F 6D 70 6C : a exchange compl
    System.Net.Sockets Verbose: 0 : [4496] 00000020 : 65 74 65 2E 0D 0A : ete...
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Receive() -> 38#38
    System.Net Information: 0 : [4496] FtpControlStream#41014879 - Received response [234 Security data exchange complete.]
    System.Net Information: 0 : [4496] TlsStream#3888474::.ctor(host=xxx.xxx.xxx.xxx, #certs=0)
    System.Net Information: 0 : [4496] FtpControlStream#41014879 - Sending command [PBSZ 0]
    System.Net Information: 0 : [4496] SecureChannel#25209742::.ctor(hostname=xxx.xxx.xxx.xxx, #clientCertificates=0)
    System.Net Information: 0 : [4496] Enumerating security packages:
    System.Net Information: 0 : [4496] Negotiate
    System.Net Information: 0 : [4496] Kerberos
    System.Net Information: 0 : [4496] NTLM
    System.Net Information: 0 : [4496] Schannel
    System.Net Information: 0 : [4496] Microsoft Unified Security Protocol Provider
    System.Net Information: 0 : [4496] WDigest
    System.Net Information: 0 : [4496] DPA
    System.Net Information: 0 : [4496] Digest
    System.Net Information: 0 : [4496] MSN
    System.Net Information: 0 : [4496] SecureChannel#25209742 - Left with 0 client certificates to choose from.
    System.Net Information: 0 : [4496] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
    System.Net Information: 0 : [4496] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = xxx.xxx.xxx.xxx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [4496] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=70, returned code=ContinueNeeded).
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Send()
    System.Net.Sockets Verbose: 0 : [4496] Data from Socket#2637164::Send
    System.Net.Sockets Verbose: 0 : [4496] 00000000 : 16 03 01 00 41 01 00 00-3D 03 01 4C 16 51 59 B7 : ....A...=..L.QY.
    System.Net.Sockets Verbose: 0 : [4496] 00000010 : 47 70 96 C4 95 32 C1 3C-6F 72 39 AC 06 29 D4 F3 : Gp...2.<or9..)..
    System.Net.Sockets Verbose: 0 : [4496] 00000020 : 5F 8A 64 51 82 1C 7B 1E-87 CB E2 00 00 16 00 04 : _.dQ..{.........
    System.Net.Sockets Verbose: 0 : [4496] 00000030 : 00 05 00 0A 00 09 00 64-00 62 00 03 00 06 00 13 : .......d.b......
    System.Net.Sockets Verbose: 0 : [4496] 00000040 : 00 12 00 63 01 00 : ...c..
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Send() -> 70#70
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Receive()
    System.Net.Sockets Verbose: 0 : [4496] Data from Socket#2637164::Receive
    System.Net.Sockets Verbose: 0 : [4496] 00000000 : 16 03 01 00 3A : ....:
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Receive() -> 5#5
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Receive()
    System.Net.Sockets Verbose: 0 : [4496] Data from Socket#2637164::Receive
    System.Net.Sockets Verbose: 0 : [4496] 00000005 : 02 00 00 36 03 01 4C 16-51 59 8F 2B 5A 5E D3 08 : ...6..L.QY.+Z^..
    System.Net.Sockets Verbose: 0 : [4496] 00000015 : 16 F0 0A 0A 0C 8D 85 EE-98 CB 82 9F 15 AF 80 CD : ................
    System.Net.Sockets Verbose: 0 : [4496] 00000025 : 53 DD 17 74 A0 B5 10 36-E0 B3 BD 48 0A 0A DB 3B : S..t...6...H...;
    System.Net.Sockets Verbose: 0 : [4496] 00000035 : 36 3E FA 06 83 96 51 00-05 00 : 6>....Q...
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Receive() -> 58#58
    System.Net Information: 0 : [4496] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 36b1600:1620060, targetName = xxx.xxx.xxx.xxx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [4496] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Receive()
    System.Net.Sockets Verbose: 0 : [4496] Data from Socket#2637164::Receive
    System.Net.Sockets Verbose: 0 : [4496] 00000000 : 16 03 01 03 FC : .....
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Receive() -> 5#5
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Receive()
    System.Net.Sockets Verbose: 0 : [4496] Data from Socket#2637164::Receive
    System.Net.Sockets Verbose: 0 : [4496] 00000005 : 0B 00 03 F8 00 03 F5 00-03 F2 30 82 03 EE 30 82 : ..........0...0.
    System.Net.Sockets Verbose: 0 : [4496] 00000015 : 03 57 A0 03 02 01 02 02-10 43 24 B5 79 58 CD 94 : .W.......C$.yX..
    ...
    System.Net.Sockets Verbose: 0 : [4496] 000003F5 : B0 03 D0 33 B3 5E 6E 18-92 47 6B 84 : ...3.^n..Gk.
    System.Net.Sockets Verbose: 0 : [4496] Exiting Socket#2637164::Receive() -> 1020#1020
    System.Net Information: 0 : [4496] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 36b1600:1620060, targetName = xxx.xxx.xxx.xxx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [4496] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=InvalidToken).
    System.Net.Sockets Verbose: 0 : [4496] Socket#2637164::Dispose()
    System.Net Information: 0 : [4496] FtpWebRequest#57352375::(Releasing FTP connection#41014879.)
    System.Net Error: 0 : [4496] Exception in the FtpWebRequest#57352375::GetResponse - A call to SSPI failed, see inner exception.
    System.Net Error: 0 : [4496] at System.Net.FtpWebRequest.SyncRequestCallback(Object obj)
    at System.Net.FtpWebRequest.RequestCallback(Object obj)
    at System.Net.CommandStream.InvokeRequestCallback(Object obj)
    at System.Net.CommandStream.Abort(Exception e)
    at System.Net.FtpWebRequest.FinishRequestStage(RequestStage stage)
    at System.Net.FtpWebRequest.GetResponse()

    System.Net Verbose: 0 : [4496] Exiting FtpWebRequest#57352375::GetResponse()

  3. #3
    Trial member, registered November 2007, 28 posts, 15 points

    I confused client authentication by certificate with the SSL exchanges.
    The development is not valid for meeting the requirement.

This discussion is resolved.
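
Both `OnCertificateValidation` callbacks posted in this thread return `true` for every server certificate, which leaves the FTPS control channel unauthenticated. With a self-signed server certificate, one alternative is to accept only that exact certificate. This is an added example, not code from the thread: the `PinnedSha256Hex` placeholder, the `IsAcceptable` helper and the sample bytes in `Main` are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedServerValidation
{
    // Assumption: SHA-256 of the server's DER-encoded certificate, obtained
    // out of band from the server operator. Placeholder, replace before use.
    private const string PinnedSha256Hex = "<SHA256-OF-SERVER-CERTIFICATE-HEX>";

    public static string Sha256Hex(byte[] der)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(der)).Replace("-", "");
    }

    // Decision logic kept separate from the callback so it can be tested
    // without a live TLS connection.
    public static bool IsAcceptable(byte[] serverDer, SslPolicyErrors errors, string pinnedHex)
    {
        // Chain and name validated against the machine trust store: accept.
        if (errors == SslPolicyErrors.None) return true;

        // The server presented no certificate: never accept.
        if (serverDer == null || (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;

        // Self-signed case (chain and/or name errors): accept only the exact
        // certificate whose hash was pinned, and reject everything else.
        return string.Equals(Sha256Hex(serverDer), pinnedHex, StringComparison.OrdinalIgnoreCase);
    }

    // Same signature as the thread's OnCertificateValidation, so it can be
    // passed to SslStream or ServicePointManager in its place.
    public static bool OnCertificateValidation(object sender, X509Certificate certificate,
                                               X509Chain chain, SslPolicyErrors errors)
    {
        byte[] der = certificate == null ? null : certificate.GetRawCertData();
        return IsAcceptable(der, errors, PinnedSha256Hex);
    }

    public static void Main()
    {
        // Constructed byte strings standing in for two different DER certificates.
        byte[] pinned = { 0x30, 0x82, 0x01, 0x0A };
        byte[] other = { 0x30, 0x82, 0x01, 0x0B };
        string pin = Sha256Hex(pinned);
        SslPolicyErrors selfSigned = SslPolicyErrors.RemoteCertificateChainErrors
                                   | SslPolicyErrors.RemoteCertificateNameMismatch;

        Console.WriteLine("pinned certificate accepted: " + IsAcceptable(pinned, selfSigned, pin));
        Console.WriteLine("other certificate accepted:  " + IsAcceptable(other, selfSigned, pin));
        Console.WriteLine("no certificate accepted:     "
            + IsAcceptable(null, SslPolicyErrors.RemoteCertificateNotAvailable, pin));
    }
}
```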
