堆栈内存溢出
  简体   繁体   English

有没有办法在ASP.NET 5中使用客户端证书?

[英]Is there any way to use Client Certificates with ASP.NET 5?

 原文  2015-11-04 11:32:06       ssl/ asp.net-core/ client-certificates

问题描述

We are developing an ASP.NET 5 project and one of the requirements is that user authentication is done through client certificates via browser, but I can't make this work. 我们正在开发一个ASP.NET 5项目,其中一个要求是用户身份验证是通过浏览器通过客户端证书完成的,但我无法使其工作。

Using web.config and IIS the certificate is requested properly with this configuration: 使用web.config和IIS,使用此配置正确请求证书: 

<system.webServer>
  <security>
    <access sslFlags="Ssl, SslNegotiateCert" />
    <authentication>
      <iisClientCertificateMappingAuthentication enabled="true" />
    </authentication>
  </security>
</system.webServer>

But the client certificate does not arrive to the web application, as I understand it should be in context.Connection.ClientCertificate property, where context is the current HttpContext . 但是客户端证书没有到达Web应用程序,因为我知道它应该在context.Connection.ClientCertificate属性中,其中context是当前的HttpContext

I suspect that httpPlatformHandler that tunnels IIS to Kestrel is ignoring https and this may be implemented in the future. 我怀疑将IIS隧道连接到Kestrel的httpPlatformHandler忽略了https,这可能在将来实现。

I have made some tests with an OWIN site (not DNX) and a custom AuthenticationHandler that gets the X509 client certificate and works properly under IIS. 我已经使用OWIN站点(而不是DNX)和自定义AuthenticationHandler进行了一些测试,该AuthenticationHandler获取X509客户端证书并在IIS下正常运行。

2 个解决方案

解决方案1
 2  2015-11-24 16:31:23

It looks like there has been some work done on this and a pull request and merge was done implementing this. 看起来已经完成了一些工作,并且执行了拉取请求和合并。 So... hopefully we'll see it in a updated release of Kestrel. 所以...希望我们会在Kestrel的更新版本中看到它。

See here: https://github.com/aspnet/KestrelHttpServer/pull/385 请参见: https//github.com/aspnet/KestrelHttpServer/pull/385

解决方案2
 1  2015-11-04 14:20:29

As I can read in the Change to IIS hosting model announcement: 我可以在更改到IIS托管模型公告中阅读:

  • The HttpPlatformHandler currently does not forward client certs (this will be a future enhancement) HttpPlatformHandler目前不转发客户端证书(这将是未来的增强功能)

So, it seems that is not possible right now and httpPlaformHandler must be fixed. 所以,现在似乎不可能, httpPlaformHandler必须修复。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何发送特定于客户端的可信证书颁发机构,以确定用户可以在asp.net网站表单站点上使用的客户端证书 - How to send client specific trusted certificate authority for deciding which client certificates the user may use on the asp.net web form site 使用客户端证书时,大型 POST 请求会导致 Asp.Net Web API 超时 - Large POST requests causes timeout in Asp.Net Web API when using client certificates ASP.NET WebApi-如何“允许”而不是“要求”客户端证书? - ASP.NET WebApi - How do I “allow”, but not “require” client certificates? 根据所使用的子域,是否可以在同一ASP.NET网站上使用几个不同的ssl证书? - Is it possible to use several different ssl certificates on the same ASP.NET website depending on the Subdomain used? .NET 中的客户端证书 - client certificates in .NET Asp.net Core的Docker容器上的Nuget CA证书错误 - Nuget CA certificates error on a docker container of Asp.net core 有没有一种方法可以使用FtpWebRequest使用C#中的客户端证书对FTP进行身份验证? - Is there a way to use FtpWebRequest to authenticate to FTP using client certificates in C#? 通过Asp.net MVC申请客户证书 - Requesting Client Certificate with Asp.net MVC 如何配置IIS / Asp.Net以将客户端证书用于TLS连接到服务器 - How to configure IIS/Asp.Net to use a client Certificate for TLS connection to a server 将Identyserver4与asp.net核心Web服务器一起使用时有两个证书? - Two Certificates when using Identyserver4 with asp.net core webserver?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM