![](/img/trans.png)
[英]Require client certificates in IIS for non-local network requests using HttpModule
[英]Using local certificates by IIS
我已经开发了Web API服务,该服务可以要求另一个需要个人证书的Web API。
当我在本地PC上开发此服务时,我像这样使用了HttpClient:
_handler = new HttpClientHandler()
{ ClientCertificateOptions = ClientCertificateOption.Automatic };
_client = new HttpClient(_handler);
我的个人证书是从我的PC上获得的。
然后,我想将项目发布到Windows Server 2012 R2上的IIS 8。
首先,我已经在服务器上安装了所有证书,并在IIS中设置了应用程序池,IIS由服务用户启动,但是我的API应用程序使用了我帐户的池(证书已绑定到该池)。 但是,当我尝试发出请求时,出现如下异常:
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>An error occurred while sending the request.</ExceptionMessage>
<ExceptionType>System.Net.Http.HttpRequestException</ExceptionType>
<StackTrace/>
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
</ExceptionMessage>
<ExceptionType>System.Net.WebException</ExceptionType>
<StackTrace>
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context) at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
</StackTrace>
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The remote certificate is invalid according to the validation procedure.
</ExceptionMessage>
<ExceptionType>
System.Security.Authentication.AuthenticationException
</ExceptionType>
<StackTrace>
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
</StackTrace>
</InnerException>
</InnerException>
</InnerException>
我认为我的问题是IIS无法使用我已经在Windows Server上安装的证书。
我该如何解决?
在调用HttpClient之前使用它。 请记住,此代码仅适用于开发机器。 请勿在生产中使用
ServicePointManager.ServerCertificateValidationCallback =
delegate (
object s,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors
) {
return true;
};
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.