[英]ASP.NET Core Kestrel on Linux never prompts for client certificate
我有一个ASP.NET Core 1.1应用程序设置为使用Https并需要客户端证书:
我正在Linux上运行该应用程序。
如果我将ClientCertificateMode更改为“AllowCertificates”,那么一切正常,但浏览器从不提示客户端证书。
设置了“RequireCertificate”后,浏览器仍然没有提示输入证书,我在服务器端获得了以下两个例外(两次重复)并且没有响应返回浏览器:
Microsoft.AspNetCore.Server.Kestrel:错误:ConnectionFilter.OnConnection
System.AggregateException:发生一个或多个错误。 (身份验证失败,因为远程方已关闭传输流。)---> System.IO.IOException:身份验证失败,因为远程方已关闭传输流。 在System.Net.Security.SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest)处于System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)---从先前位置抛出异常的堆栈跟踪结束---位于System.Net.Security的System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)的System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)中的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()。 System.Threading.Tasks.TaskFactory上的SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) 1.FromAsyncCoreLogic(IAsyncResult iar, Func 2 endFunction,Action 1 endAction, Task 1 promise,Boolean requiresSynchronization)---来自先前位置的堆栈跟踪结束,其中异常是抛出---在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()处 Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext()---内部异常堆栈跟踪结束--- --->(内部异常#0)System.IO.IOException:身份验证失败因为远程方已关闭传输流。 在System.Net.Security.SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest)处于System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)---从先前位置抛出异常的堆栈跟踪结束---位于System.Net.Security的System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)的System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)中的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()。 System.Threading.Tasks.TaskFactory上的SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) 1.FromAsyncCoreLogic(IAsyncResult iar, Func 2 endFunction,Action 1 endAction, Task 1 promise,Boolean requiresSynchronization)---来自先前位置的堆栈跟踪结束,其中异常是抛出---在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()处 任务)在Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext()<---
Microsoft.AspNetCore.Server.Kestrel:错误:ConnectionFilter.OnConnection
System.AggregateException:发生一个或多个错误。 (根据验证过程,远程证书无效。)---> System.Security.Authentication.AuthenticationException:根据验证程序,远程证书无效。 System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,AsyncProtocolRequest asyncRequest)上的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()处于System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken消息,AsyncProtocolRequest asyncRequest,ExceptionDispatchInfo异常)处在System.Net.Security的System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32计数,AsyncProtocolRequest asyncRequest)处的System.Net.Security.SslState.StartSendBlob(Byte [] incoming,Int32 count,AsyncProtocolRequest asyncRequest)。 System.Net.Security.SslState.CheckCompletionBeforeNextReceive的System.Net.Security.SslState.StartReceiveBlob(Byte []缓冲区,AsyncProtocolRequest asyncRequest)中的SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest)(ProtocolToken消息,AsyncProtocolRequest asyncRequest) )在System.Net.Security.SslState.StartSendBlob(Byte []传入,Int32计数,AsyncProtocolRequest asyn System.Net上的System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32计数,AsyncProtocolRequest asyncRequest)处于System.Net的System.Net.Security.SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest)处的cRequest) System.Net.Security.SslState.StartSendBlob(Byte []传入,Int32计数的System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,AsyncProtocolRequest asyncRequest).Security.SslState.StartReceiveBlob(Byte [] buffer,AsyncProtocolRequest asyncRequest)系统中的System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32计数,AsyncProtocolRequest asyncRequest),系统上的System.Net.Security.SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest),AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.CheckCompletionBeforeNextReceive中的.Net.Security.SslState.StartReceiveBlob(Byte []缓冲区,AsyncProtocolRequest asyncRequest)(ProtocolToken消息,AsyncProtoco) lRequest asyncRequest)在System.Net.Security.SslState.StartSendBlob(Byte [] incoming,Int32 count,AsyncProtocolRequest asyncRequest)处于System.Net.Security.SslState.ProcessReceivedBlob(Byte [] buffer,Int32 count,AsyncProtocolRequest asyncRequest)。 System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)中的Net.Security.SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest)---从抛出异常的上一个位置开始的堆栈跟踪结束---位于System.Net.Security.SslStream.EndAuthenticateAsServer上的System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)中的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()处于System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)处System.Threading.Tasks.TaskFactory上的(IAsyncResult asyncResult) 1.FromAsyncCoreLogic(IAsyncResult iar, Func 2 endFunction,Action 1 endAction, Task 1 promise,Boolean requiresSyn chronization)---抛出异常的前一个位置的堆栈跟踪结束---在Microsoft.AspNetCore的System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()处。 Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext()---内部异常堆栈跟踪结束--- --->(内部异常#0)System.Security.Authentication.AuthenticationException:根据远程证书无效验证程序。 System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,AsyncProtocolRequest asyncRequest)上的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()处于System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken消息,AsyncProtocolRequest asyncRequest,ExceptionDispatchInfo异常)处在System.Net.Security的System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32计数,AsyncProtocolRequest asyncRequest)处的System.Net.Security.SslState.StartSendBlob(Byte [] incoming,Int32 count,AsyncProtocolRequest asyncRequest)。 System.Net.Security.SslState.CheckCompletionBeforeNextReceive的System.Net.Security.SslState.StartReceiveBlob(Byte []缓冲区,AsyncProtocolRequest asyncRequest)中的SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest)(ProtocolToken消息,AsyncProtocolRequest asyncRequest) )在System.Net.Security.SslState.StartSendBlob(Byte []传入,Int32计数,AsyncProtocolRequest asyn System.Net上的System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32计数,AsyncProtocolRequest asyncRequest)处于System.Net的System.Net.Security.SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest)处的cRequest) System.Net.Security.SslState.StartSendBlob(Byte []传入,Int32计数的System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,AsyncProtocolRequest asyncRequest).Security.SslState.StartReceiveBlob(Byte [] buffer,AsyncProtocolRequest asyncRequest)系统中的System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32计数,AsyncProtocolRequest asyncRequest),系统上的System.Net.Security.SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest),AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.CheckCompletionBeforeNextReceive中的.Net.Security.SslState.StartReceiveBlob(Byte []缓冲区,AsyncProtocolRequest asyncRequest)(ProtocolToken消息,AsyncProtoco) lRequest asyncRequest)在System.Net.Security.SslState.StartSendBlob(Byte [] incoming,Int32 count,AsyncProtocolRequest asyncRequest)处于System.Net.Security.SslState.ProcessReceivedBlob(Byte [] buffer,Int32 count,AsyncProtocolRequest asyncRequest)。 System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)中的Net.Security.SslState.StartReadFrame(Byte []缓冲区,Int32 readBytes,AsyncProtocolRequest asyncRequest)---从抛出异常的上一个位置开始的堆栈跟踪结束---位于System.Net.Security.SslStream.EndAuthenticateAsServer上的System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult结果)中的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()处于System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)处System.Threading.Tasks.TaskFactory上的(IAsyncResult asyncResult) 1.FromAsyncCoreLogic(IAsyncResult iar, Func 2 endFunction,Action 1 endAction, Task 1 promise,Boolean requiresSyn chronization)---抛出异常的前一个位置的堆栈跟踪结束---在Microsoft.AspNetCore的System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()处。 Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext()<---
我花了大约四个小时尝试不同的东西和谷歌搜索,但我似乎无法弄清楚问题的核心原因是什么,所以我想要检查一下这里是否有人有想法。
不确定你是否找到了解决方案,但我最近遇到了类似的问题。 我发现如果您没有任何由服务器信任的CA签名的客户端证书,则不会提示您。 我的解决方案是将根CA添加到Linux中的信任存储区,之后将适当地发送/提示客户端证书。
我最终使用IIS作为反向代理来获取证书信息(并进行验证),然后将其传递给标头到Kestrel。
OnCertificateValidated 未运行 - 自签名证书客户端身份验证 - ASP.NET Core 和 Kestrel
[英]OnCertificateValidated not running - Self-Signed Certificate Client Authentication - ASP.NET Core and Kestrel
将Linux客户端证书添加到Linux上的Kestrel REST API的.NET Core无法通过服务器证书验证
[英].NET Core adding client certificate to POST to Kestrel REST API on Linux fails server cert validation
为什么 Asp.Net Core Kestrel 服务器向 Ngrok 返回 404 并且控制器永远不会被调用?
[英]Why is Asp.Net Core Kestrel server returns 404 to Ngrok and Controller is never gets called?
在 Linux Docker 中查询 Asp.net Core/Kestrel 中的布尔属性的 Firestore 崩溃
[英]Querying Firestore for Boolean property in Asp.net Core/Kestrel Crashes in Linux Docker
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
