muh*_*hif 9 c# ssl ssl-certificate x509certificate asp.net-web-api
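I have spent a whole day on this problem and have no option left but to ask my peers here.
We have a web api that accepts an X509 certificate, but the code below always gives me null on both localhost and the dev server.
Here is the code that gets the certificate: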
var certificate = actionContext.Request.GetClientCertificate();
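I created an ActionFilterAttribute, and inside its OnActionExecuting I am trying to get the client certificate as shown above.
Before that, I created the certificate with Windows PowerShell, following the instructions at this link:
The command I used is this: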
New-SelfSignedCertificate -DnsName "localhost", "atp api" -CertStoreLocation "cert:\LocalMachine\My"
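The certificate was created, and I made sure it is in the trusted certificates. Then, from my sample client app, I send the certificate to my Web API with the following code: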
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
var certCollection = store.Certificates.Find(X509FindType.FindByIssuerName, "localhost", false);
var cert = certCollection[0];
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://localhost:44308/dk");
request.ClientCertificates.Add(cert);
request.Method = "POST";
string postData = "<string xmlns='http://schemas.microsoft.com/2003/10/Serialization/'>sample string 1</string>";
byte[] byteArray = Encoding.UTF8.GetBytes(postData);
//request.ContentType = "application/xml";
request.ContentLength = byteArray.Length;
Stream dataStream = request.GetRequestStream();
// Write the data to the request stream.
dataStream.Write(byteArray, 0, byteArray.Length);
// Close the Stream object.
dataStream.Close();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
dataStream = response.GetResponseStream();
// Open the stream using a StreamReader for easy access.
StreamReader reader = new StreamReader(dataStream);
// Read the content.
string responseFromServer = reader.ReadToEnd();
store.Close();
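But when I execute this code, the certificate is null in the Web API. I thought it might be because of localhost, so I deployed the web api on the dev server, and the certificate is still null.
I also tried getting the certificate from a specified Windows location instead of from the store, and the result was the same.
I have googled and googled a lot, but nothing helped me.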
You need to add the following lines to web.config to force IIS to start SSL certificate negotiation:
<system.webServer>
<!-- things ... -->
<security>
<access sslFlags="SslNegotiateCert" />
</security>
<!-- things -->
</system.webServer>
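A server-side counterpart to the filter described in the question, as an added example that is not part of the original post or answer: it treats a null result from GetClientCertificate() as a failed request and accepts only pinned, unexpired certificates. The class name RequireClientCertificateAttribute and the placeholder thumbprint are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Added example (hypothetical class name): rejects any request without an accepted client certificate.
public class RequireClientCertificateAttribute : ActionFilterAttribute
{
    // Placeholder allow-list: replace with the thumbprints of the client certificates you issue.
    private static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<THUMBPRINT-OF-TRUSTED-CLIENT-CERT>"
        };

    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        X509Certificate2 cert = actionContext.Request.GetClientCertificate();

        // null means no certificate reached the Web API pipeline: either the client
        // sent none, or IIS never requested one (sslFlags without SslNegotiateCert).
        if (cert == null)
        {
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Unauthorized, "Client certificate required.");
            return;
        }

        DateTime now = DateTime.Now; // NotBefore and NotAfter are expressed in local time
        bool inValidityPeriod = now >= cert.NotBefore && now <= cert.NotAfter;
        bool pinned = AllowedThumbprints.Contains(cert.Thumbprint);

        // A self-signed certificate carries no CA-issued identity, so its mere presence
        // is not authorization; only pinned, unexpired certificates are accepted.
        if (!inValidityPeriod || !pinned)
        {
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Forbidden, "Client certificate not accepted.");
        }
    }
}
```

Setting actionContext.Response in OnActionExecuting short-circuits the request, so the action never runs for a missing or unaccepted certificate.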