[英]Is there any way to use Client Certificates with ASP.NET 5?
We are developing an ASP.NET 5 project and one of the requirements is that user authentication is done through client certificates via browser, but I can't make this work. 我们正在开发一个ASP.NET 5项目,其中一个要求是用户身份验证是通过浏览器通过客户端证书完成的,但我无法使其工作。
Using web.config
and IIS the certificate is requested properly with this configuration: 使用
web.config
和IIS,使用此配置正确请求证书:
<system.webServer>
<security>
<access sslFlags="Ssl, SslNegotiateCert" />
<authentication>
<iisClientCertificateMappingAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
But the client certificate does not arrive to the web application, as I understand it should be in context.Connection.ClientCertificate
property, where context
is the current HttpContext
. 但是客户端证书没有到达Web应用程序,因为我知道它应该在
context.Connection.ClientCertificate
属性中,其中context
是当前的HttpContext
。
I suspect that httpPlatformHandler
that tunnels IIS to Kestrel is ignoring https and this may be implemented in the future. 我怀疑将IIS隧道连接到Kestrel的
httpPlatformHandler
忽略了https,这可能在将来实现。
I have made some tests with an OWIN site (not DNX) and a custom AuthenticationHandler
that gets the X509 client certificate and works properly under IIS. 我已经使用OWIN站点(而不是DNX)和自定义
AuthenticationHandler
进行了一些测试,该AuthenticationHandler
获取X509客户端证书并在IIS下正常运行。
It looks like there has been some work done on this and a pull request and merge was done implementing this. 看起来已经完成了一些工作,并且执行了拉取请求和合并。 So... hopefully we'll see it in a updated release of Kestrel.
所以...希望我们会在Kestrel的更新版本中看到它。
See here: https://github.com/aspnet/KestrelHttpServer/pull/385 请参见: https : //github.com/aspnet/KestrelHttpServer/pull/385
As I can read in the Change to IIS hosting model announcement: 我可以在更改到IIS托管模型公告中阅读:
- The HttpPlatformHandler currently does not forward client certs (this will be a future enhancement)
HttpPlatformHandler目前不转发客户端证书(这将是未来的增强功能)
So, it seems that is not possible right now and httpPlaformHandler
must be fixed. 所以,现在似乎不可能,
httpPlaformHandler
必须修复。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.