客户端身份验证方案“匿名”网络核心禁止 HTTP 请求
[英]The HTTP request was forbidden with client authentication scheme 'Anonymous' net core
问题描述
I'm having a .net core API and an EmailService as a connected service (WCF) The EmailService is hosted on IIS (HTTPS);
我有一个 .net 核心 API 和一个作为连接服务 (WCF) 的 EmailService。EmailService 托管在 IIS (HTTPS) 上; I'm trying to connect to the emailService with a Client Certificate.我正在尝试使用客户端证书连接到 emailService。 Everything is fine but i'm getting the一切都很好,但我得到了
The HTTP request was forbidden with client authentication scheme 'Anonymous' error;
- On the EmailService side:在电子邮件服务端:
The SSL Settings are on Require SSL (Require), the IIS Binding is on HTTPS SSL 设置在 Require SSL (Require) 上,IIS 绑定在 HTTPS 上
- On the API side:在 API 方面:
When i'm trying to access the emailservice by chrome browser, i'm getting a prompt for a client certificate, i'm picking the cert and everything works alright;当我尝试通过 chrome 浏览器访问电子邮件服务时,我收到了一个客户端证书的提示,我正在选择证书并且一切正常;
Any suggestions?有什么建议? Thanks谢谢
1 个解决方案
解决方案1
-1 2020-04-02 03:12:16
I am not sure if you can call the service properly since WS-security is not supported in DotNet Core.我不确定您是否可以正确调用该服务,因为 DotNet Core 不支持 WS-security。 Anyway, this error typically indicates that the client's certificate cannot be recognized by the server-side when establishing the Https communication.无论如何,这个错误通常表示客户端的证书在建立Https通信时无法被服务器端识别。 Also, if your client communicates with the server over HTTP and the server requires SSL , this kind of error also occurred.此外,如果您的客户端通过HTTP与服务器通信并且服务器需要SSL ,也会发生这种错误。
The Https secure communication between the client-side and the server-side can not be established properly.客户端和服务器端之间的 Https 安全通信无法正常建立。 As you know, the https secure communication requires the procedure of exchanging each other's public key of the certificate.如您所知,https 安全通信需要交换彼此的证书公钥的过程。 Therefore, the server-side and the client-side should establish mutual trust.因此,服务器端和客户端应该建立相互信任。 In other words, the server's certificate must be trusted by the client and the client's certificate must be trusted by the server.换句话说,服务器的证书必须被客户端信任,而客户端的证书必须被服务器信任。 The specific operation is to install the certificate in the local Trusted Root Certification Authorities .具体操作是在本地的Trusted Root Certification Authorities安装Trusted Root Certification Authorities 。
Please refer to the below link.请参考以下链接。
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
Besides, the client-side should have access to the private key of the certificate provided by the client so that the https secure communication is valid.此外,客户端应该可以访问客户端提供的证书的私钥,以便https安全通信有效。 The specific operation is to add the current user to the private key management group of the certificate.具体操作是将当前用户加入到证书的私钥管理组中。
Feel free to let me know if there is anything I can help with.如果有什么我可以帮忙的,请随时告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.