使用 OWIN 在 IIS 10 中设置自定义证书身份验证
[英]Setting up custom certificate authentication in IIS 10 using OWIN
问题描述
We are trying to setup multiple authentication using OWIN/Katana and the webapi will be hosted on IIS 10 with certificate authentication and windows authentication.
我们正在尝试使用 OWIN/Katana 设置多重身份验证,并且 webapi 将托管在具有证书身份验证和 Windows 身份验证的 IIS 10 上。 I'm following this blog by Andras Nemes to setup my local client and server certificate authentication.我正在关注Andras Nemes 的这个博客来设置我的本地客户端和服务器证书身份验证。 Unfortunately, after setting up the Web API in IIS, when I try to access the website with the client certificate, I'm getting 403 Forbidden error which says that the certificate is not trusted or invalid.不幸的是,在 IIS 中设置 Web API 后,当我尝试使用客户端证书访问网站时,我收到 403 Forbidden 错误,表示证书不受信任或无效。 I'm not sure what is causing this issue.我不确定是什么导致了这个问题。
I tried setting up my IIS by following other posts also, I've tried to add the website certificate to IIS and bind it with mylocalsite.local and tried with and without editing “system.webServer/security/authentication/iisClientCertificateMappingAuthentication”.我也尝试通过关注其他帖子来设置我的 IIS,我尝试将网站证书添加到 IIS 并将其与 mylocalsite.local 绑定,并尝试使用和不编辑“system.webServer/security/authentication/iisClientCertificateMappingAuthentication”。
After searching a lot I found similar results but none of them worked.经过大量搜索,我发现了类似的结果,但没有一个有效。 I'm not sure if it is because of the IIS 10 has a different workflow of configuring client server certificate authentication mechanism or is there a problem with my certificates.我不确定是因为 IIS 10 具有不同的配置客户端服务器证书身份验证机制的工作流程,还是我的证书有问题。
Following are my self signed certificates, and I also have there pfx files.以下是我的自签名证书,我也有 pfx 文件。
RootCertificate:根证书:
RootCertificate.cer has been installed in Local Computer Trusted Root Certification Authorities as well as in Current User Trusted certificates. RootCertificate.cer 已安装在本地计算机受信任的根证书颁发机构以及当前用户受信任的证书中。
localtestclientcert:本地测试客户端证书:
localtestclientcert.pfx has been installed in Current User under Personal certificates.
localtestclientcert.pfx 已安装在当前用户的个人证书下。
mylocalsite.local: mylocalsite.local:
mylocalsite.local.pfx has been installed in Local Computer under personal certificates.
mylocalsite.local.pfx 已安装在个人证书下的本地计算机中。
IIS Server certificates IIS 服务器证书
website bindings网站绑定
SSL settings of the website网站的 SSL 设置
EDIT 1: Modified "Trusted Certificates" to "Trusted Root Certification Authorities" for clarity编辑 1:为清楚起见,将“受信任的证书”修改为“受信任的根证书颁发机构”
1 个解决方案
解决方案1
0 2022-07-17 16:47:47
The solution is to add the root certificate to the trusted authorities using MMC (machine account) as indicated in this tutorial https://docs.microsoft.com/en-gb/archive/blogs/asiatech/how-to-create-an-iis-website-that-requires-client-certificate-using-self-signed-certificates解决方案是使用 MMC(机器帐户)将根证书添加到受信任的机构,如本教程所示https://docs.microsoft.com/en-gb/archive/blogs/asiatech/how-to-create-an -iis-website-that-requires-client-certificate-using-self-signed-certificates
If you import the certif to perosnal account using certmgr you'll get this error如果您使用 certmgr 将证书导入个人帐户,您将收到此错误
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.