无法从控制台应用程序向Web API发送/接收客户端证书
[英]Fail to send/receive Client Certificate from Console App to web api
问题描述
I created a Web Api to accept a client certificate. 
我创建了一个Web Api以接受客户端证书。
I am calling the web api from a console app using the following code. 我正在使用以下代码从console app调用Web API。
var uri = new Uri("https://myservice.azurewebsites.net/api/values");
var handler = new WebRequestHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
var certResults = new X509Store(StoreLocation.LocalMachine);
var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
try
{
certStore.Open(OpenFlags.ReadOnly);
}
catch (Exception)
{
Console.WriteLine("Unable to access Certificate store");
}
var thumbprint = "<<self signed cert thumbprint>>";
var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
certStore.Close();
HttpClient client = new HttpClient(handler);
if (certCollection.Count > 0)
{
handler.ClientCertificates.Add(certCollection[0]);
client.DefaultRequestHeaders.Add("Thumbprint", certCollection[0].Thumbprint);
}
var result = client.GetAsync(uri).GetAwaiter().GetResult();
Console.WriteLine($"status: {result.StatusCode}");
Console.WriteLine($"content: {result.Content.ReadAsStringAsync().GetAwaiter().GetResult()}");
Console.ReadLine();
}
On the server side, I added a middleware to get the certificate details. 在服务器端,我添加了一个中间件来获取证书详细信息。
{
//var certHeader = context.Request.Headers["X-ARR-ClientCert"];
var certificate = context.Connection.ClientCertificate;
if (certificate != null)
{
try
{
//var clientCertBytes = Convert.FromBase64String(certHeader);
//var certificate = new X509Certificate2(clientCertBytes);
bool isValidCert = IsValidClientCertificate(certificate);
if (isValidCert)
{
await _next.Invoke(context);
}
else
{
_logger.LogError("Certificate is not valid");
context.Response.StatusCode = 403;
}
}
catch (Exception ex)
{
_logger.LogError(ex.Message, ex);
await context.Response.WriteAsync(ex.Message);
context.Response.StatusCode = 403;
}
}
else
{
_logger.LogError("X-ARR-ClientCert header is missing");
context.Response.StatusCode = 403;
}
}
I tried running it on the local machine and on Azure App Services. 我尝试在本地计算机和Azure App Services上运行它。 I set the flag clientCertEnabled to true in resources.azure.com . 我在resources.azure.com中将标志clientCertEnabled设置为true 。 Web Api is SSL enabled. Web Api已启用SSL。
But the certificate is always coming as null in both 但是,证书在两种情况下都始终为null
var certHeader = context.Request.Headers["X-ARR-ClientCert"]; and var certificate = context.Connection.ClientCertificate; 和var certificate = context.Connection.ClientCertificate; . 。
What am I doing wrong here? 我在这里做错了什么?
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
0 已采纳 2019-04-30 17:06:58
Was reasearching some of this stuff myself and seeing your question, I wonder if you are having one of the issues described in the link Securing ASP.NET WebAPI using Client Certificates 我自己在研究其中的一些内容并看到了您的问题,我想知道您是否遇到了使用客户端证书保护ASP.NET WebAPI链接中描述的问题之一。
Specifically: 特别:
4 Add MyPersonalCA.cer to Local Machine -> Truted Root Certificate Authorities.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.