.Net Core Web API with Client Certificate Authentication

I've developed a simple WEB API service in .Net Core 2.1.

I'm trying to implement a client certificate authentication, so I can give access to the APIs only to the clients that have a specific certificate installed on their machine.

The clients access the API using a browser (Chrome, Edge, IE11 or Firefox).

I've added in the API method the request for the certificate:

[HttpGet]
public ActionResult<IEnumerable<string>> Get()
{

    X509Certificate2 cert = Request.HttpContext.Connection.ClientCertificate;
    if (cert!=null && cert.Verify())
    {
        //more verification here...
        return Content("....", "application/json");
    }
    else
    {
        return Content("....", "application/json");
    }

}

Then I've installed a self-signed certificate and added it to the Trusted Root, enabling the Client Authentication purpose.

But the variable cert is always null and the browser didn't even prompt me to use a certificate when I request the page.

I suppose because I have to set somewhere that the web server must ask for the client certificate as it is possible to set in IIS, but in my development environment, I'm using IIS Express.

How can I force IIS Express to request a client certificate?

For proper certificate authentication using the ASP.NET Core authentication stack, you can also check out idunno.Authentication.Certificate by Barry Dorrans himself. It allows you to enable certificate authentication for your application and handles it like any other authentication scheme, so you can keep actual certificate-based logic out of your business logic.

This project sort of contains an implementation of Certificate Authentication for ASP.NET Core. Certificate authentication happens at the TLS level, long before it ever gets to ASP.NET Core, so, more accurately this is an authentication handler that validates the certificate and then gives you an event where you can resolve that certificate to a ClaimsPrincipal.

You must configure your host for certificate authentication, be it IIS, Kestrel, Azure Web Applications or whatever else you're using.

Make sure to also check out the “documentation” on how to set this up properly, since it requires configuration of the host to work properly, just like you did with IIS Express. Instructions for other servers like raw Kestrel, IIS, Azure or general reverse proxies are included.
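One shape the "more verification here" step in the question could take, and the kind of check a handler's validation event would run before resolving the certificate to a ClaimsPrincipal. This is an added example, not code from the question, the answers or the idunno.Authentication.Certificate project; `ClientCertificateCheck`, `Resolve` and the thumbprint allow-list are hypothetical names, and the certificate in `Main` is constructed in memory as sample input.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertificateCheck // hypothetical helper, not from the page
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Returns a principal for an allow-listed certificate, or null to reject it.
    public static ClaimsPrincipal Resolve(X509Certificate2 cert, ISet<string> allowedThumbprints)
    {
        if (cert == null) return null;            // the host never requested or received one
        var now = DateTime.Now;                   // NotBefore/NotAfter are reported in local time
        if (now < cert.NotBefore || now > cert.NotAfter) return null;

        // Require the Client Authentication purpose in the Enhanced Key Usage extension.
        bool clientAuth = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
            .Any(e => e.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid));
        if (!clientAuth) return null;

        // Chain trust alone accepts any certificate under a trusted root; pin the expected one(s).
        if (!allowedThumbprints.Contains(cert.Thumbprint)) return null;

        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, cert.GetNameInfo(X509NameType.SimpleName, false)),
            new Claim(ClaimTypes.Thumbprint, cert.Thumbprint),
        }, "Certificate");
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate built in memory.
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=demo-client", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid(ClientAuthOid) }, false));
            var cert = req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30));
            var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { cert.Thumbprint };
            Console.WriteLine(Resolve(cert, allowed)?.Identity.Name ?? "rejected");               // allow-listed
            Console.WriteLine(Resolve(cert, new HashSet<string>())?.Identity.Name ?? "rejected"); // not pinned
        }
    }
}
```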

In order to enable IIS Express to start requesting client certificates and therefore pass them to the server side, the configuration file must be edited:

The whole configuration is inside the solution folder in the .vs\config\applicationhost.config

Ensure the following values are set:

<security>
   <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />

and

<iisClientCertificateMappingAuthentication enabled="true"></iisClientCertificateMappingAuthentication>

For local testing, you can enable SSL in IIS Express from Visual Studio. In the Properties window, set SSL Enabled to True. Note the value of SSL URL; use this URL for testing HTTPS connections.

For anyone who needs details: here
