Certificate Exclusion Paths in Azure App Service

I've an Azure App Service where one single page requires a client certificate (ex: help/tools/checker).

In the configuration of App Service, there isn't an option like "inclusion paths", so I'm including all the rest of my paths in the "exclusion paths" list, but my problem here is that the homepage is also requiring the client certificate. Is there some trick to avoid this behavior?

You can exclude paths from requiring the client certificate authentication by following the steps below:

When you enable mutual auth for your application, all paths under the root of your app require a client certificate for access. To remove this requirement for certain paths, define exclusion paths as part of your application configuration.

  1. From the left navigation of your app's management page, select Configuration > General Settings.
  2. Next to Client exclusion paths, click the edit icon.
  3. Click New path, specify a path, or a list of paths separated by , or ;, and click OK.
  4. Click Save at the top of the page.

In the following screenshot, any path for your app that starts with /public does not request a client certificate. Path matching is case-insensitive.

For more information related to TLS/client certificate authentication, you can go through this document: click here.

As you've discovered, any path that starts with one of the entries under Certificate Exclusion Paths will be excluded from requiring a client certificate. Therefore if one of the exclusion paths is "/", then all paths will be excluded (since all paths start with "/").

One workaround would be to:

  1. Use Client Certificate Mode "Allow" (instead of "Require"). This configures the App Service to request a client certificate from the client, but still allow the connection if no client certificate is provided.
  2. In your application code, check for the client certificate in the X-ARR-ClientCert header for only the paths you want. By writing the code yourself to check for client certificates, you have complete flexibility in the paths that require and don't require client certificates.
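The workaround in the second answer, sketched as an added example (not code from either answer or from Microsoft): in "Allow" mode the app itself gates only the protected path on the X-ARR-ClientCert header. Assumptions: the header carries the base64-encoded certificate, acceptance is by pinned SHA-256 fingerprint of the decoded bytes (expiry and chain checks are not shown), and `PROTECTED_PREFIXES`, `PINNED_SHA256`, the function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import posixpath

# Assumption: the one area that needs a client certificate (from the question).
PROTECTED_PREFIXES = ("/help/tools/checker",)
# Constructed stand-in for a certificate's DER bytes; not a real certificate.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
# Assumption: allow-list of SHA-256 fingerprints of accepted client certificates.
PINNED_SHA256 = {hashlib.sha256(SAMPLE_DER).hexdigest()}


def is_protected(path):
    """True if the path is the protected path or lies beneath it.

    The path is lower-cased and normalised first ("//", "/./", "/../" and a
    trailing "/" are collapsed) so that spelling variants of the protected
    path cannot slip past the check. Matching is on whole segments, so
    /help/tools/checker-old is not treated as protected.
    """
    p = posixpath.normpath("/" + path.lower().lstrip("/"))
    return any(p == pre or p.startswith(pre + "/") for pre in PROTECTED_PREFIXES)


def check_client_cert(path, headers):
    """Return (status, reason) for a request received in "Allow" mode.

    `headers` is a plain dict here; a web framework's header object is
    normally case-insensitive.
    """
    if not is_protected(path):
        return 200, "path does not require a client certificate"
    value = headers.get("X-ARR-ClientCert", "")
    if not value:
        return 403, "client certificate required"
    try:
        der = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return 403, "malformed certificate header"
    fingerprint = hashlib.sha256(der).hexdigest()
    if not any(hmac.compare_digest(fingerprint, pin) for pin in PINNED_SHA256):
        return 403, "certificate not in allow-list"
    return 200, "client certificate accepted"
```

Because this is an inclusion list enforced in code, any route not matched by `is_protected` is served without a certificate, so new sensitive routes must be added to it explicitly.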
