堆栈内存溢出
  简体   繁体   English

无法使用指纹从 asp.net core 2.1 访问 X509Store 中的证书

[英]Cant access certificates in X509Store from asp.net core 2.1 with thumbprints

 原文  2020-09-14 17:40:56       c#/ asp.net-core/ iis/ x509certificate2/ certificate-store

问题描述

I have strange problem when accessing X509Store from IIS.从 IIS 访问 X509Store 时遇到奇怪的问题。 I can't look them up.我无法查找它们。
If I access both the rp cert and ca cert from powershell both are there,如果我从 powershell 访问 rp cert 和 ca cert 都在那里,

dir cert: -Recurse | dir cert: -Recurse | Where-Object { $_.Thumbprint -like " thumprintstring " } Where-Object { $_.Thumbprint -like " thumprintstring " }

I have checked that the thumbprints don't have a hidden char in the beginning of thumbprint我已经检查过指纹在指纹的开头没有隐藏的字符
I have set that the certificates are exportable when I install them我已设置证书在安装时可导出
I have for the moment set it accessable for everyone(its a certificate to a test server) in certficate store我暂时将它设置为每个人都可以访问(它是测试服务器的证书)在证书存储中

This is code I use这是我使用的代码

                StoreLocation location = certificateConfig.UseCurrentUserStoreLocation ? StoreLocation.CurrentUser : StoreLocation.LocalMachine;
 
                using (var clientCertStore = new X509Store(StoreName.My, location))
                {
                    clientCertStore.Open(OpenFlags.ReadOnly);

                    //Search for the client cert
                    X509Certificate2 rpCert = GetCertByThumbprint(clientCertStore, certificateConfig.RpCertThumbprint);
                    if (rpCert == null)
                    {
                        throw new InvalidOperationException("No rp cert found for specified thumbprint #" + certificateConfig.RpCertThumbprint +"# "+location);
                    }
                    ClientCertificates.Add(rpCert);
                }
<snip>
        private X509Certificate2 GetCertByThumbprint(X509Store certStore, string thumbprint)
        {
            var certs = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

            return certs.Count > 0 ? certs[0] : null;
        }

The rpcert is always null whatever i try.无论我尝试什么,rpcert 始终为空。
Do I need another way to open up the store from IIS?我是否需要另一种方式从 IIS 打开商店?
Any ideas or suggestions?有什么想法或建议吗? What am I missing?我错过了什么?

1 个解决方案

解决方案1
 0 已采纳  2020-09-16 08:25:46

The problem was not what I expected.问题出乎我的意料。 The config read from enviromentvariables that had been deleted so they didnt show in enviromentvariables and the server had not been restarted.配置从已删除的环境变量中读取,因此它们没有显示在环境变量中并且服务器没有重新启动。 And the deleted ones had most likely the bad character infront of the thumbprint.而被删除的很可能是指纹前面的坏字符。 Restarting iis doesn't solve this since the network service account doesnt reread these when already loggedon.重新启动 iis 不能解决这个问题,因为网络服务帐户在已经登录时不会重新读取这些。

Follow up question: Is possible to relogin in network service account without restarting the server?追问:是否可以在不重启服务器的情况下重新登录网络服务帐户?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 .NET core X509Store on Linux - .NET core X509Store on linux 如何从 X509Store 加载受密码保护的证书? - how to load password protected certificates from the X509Store? .NET的X509Store可以用于从远程Linux商店获取证书吗? - Can .NET's X509Store be used to get certificates from remote Linux stores? 从 X509Store 频繁检索证书 - Frequent retrieval of certificates from X509Store 无法从X509Store读取CurrentUser证书 - Can't read CurrentUser certificates from X509Store 如何检索 X509Store 中的所有证书 - How to retrieve all certificates in your X509Store X509Store证书。查找FindByThumbprint - X509Store Certificates.Find FindByThumbprint X509Store 证书问题。查找 FindByThumbprint - Problems with X509Store Certificates.Find FindByThumbprint C# X509存储访问 Web 托管 - C# X509Store Access Web Hosting 由于X509Store中的store.Open和store.Certificates.Find方法而导致的性能影响 - Performance impact due to store.Open and store.Certificates.Find methods in X509Store
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM