[英]ASP.NET Core Kestrel on Linux never prompts for client certificate
我有一個ASP.NET Core 1.1應用程序設置為使用Https並需要客戶端證書:
我正在Linux上運行該應用程序。
如果我將ClientCertificateMode更改為“AllowCertificates”,那么一切正常,但瀏覽器從不提示客戶端證書。
設置了“RequireCertificate”后,瀏覽器仍然沒有提示輸入證書,我在服務器端獲得了以下兩個例外(兩次重復)並且沒有響應返回瀏覽器:
Microsoft.AspNetCore.Server.Kestrel:錯誤:ConnectionFilter.OnConnection
System.AggregateException:發生一個或多個錯誤。 (身份驗證失敗,因為遠程方已關閉傳輸流。)---> System.IO.IOException:身份驗證失敗,因為遠程方已關閉傳輸流。 在System.Net.Security.SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest)處於System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)---從先前位置拋出異常的堆棧跟蹤結束---位於System.Net.Security的System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult結果)的System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)中的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()。 System.Threading.Tasks.TaskFactory上的SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) 1.FromAsyncCoreLogic(IAsyncResult iar, Func 2 endFunction,Action 1 endAction, Task 1 promise,Boolean requiresSynchronization)---來自先前位置的堆棧跟蹤結束,其中異常是拋出---在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()處 Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext()---內部異常堆棧跟蹤結束--- --->(內部異常#0)System.IO.IOException:身份驗證失敗因為遠程方已關閉傳輸流。 在System.Net.Security.SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest)處於System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)---從先前位置拋出異常的堆棧跟蹤結束---位於System.Net.Security的System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult結果)的System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)中的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()。 System.Threading.Tasks.TaskFactory上的SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) 1.FromAsyncCoreLogic(IAsyncResult iar, Func 2 endFunction,Action 1 endAction, Task 1 promise,Boolean requiresSynchronization)---來自先前位置的堆棧跟蹤結束,其中異常是拋出---在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()處 任務)在Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext()<---
Microsoft.AspNetCore.Server.Kestrel:錯誤:ConnectionFilter.OnConnection
System.AggregateException:發生一個或多個錯誤。 (根據驗證過程,遠程證書無效。)---> System.Security.Authentication.AuthenticationException:根據驗證程序,遠程證書無效。 System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,AsyncProtocolRequest asyncRequest)上的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()處於System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken消息,AsyncProtocolRequest asyncRequest,ExceptionDispatchInfo異常)處在System.Net.Security的System.Net.Security.SslState.ProcessReceivedBlob(Byte []緩沖區,Int32計數,AsyncProtocolRequest asyncRequest)處的System.Net.Security.SslState.StartSendBlob(Byte [] incoming,Int32 count,AsyncProtocolRequest asyncRequest)。 System.Net.Security.SslState.CheckCompletionBeforeNextReceive的System.Net.Security.SslState.StartReceiveBlob(Byte []緩沖區,AsyncProtocolRequest asyncRequest)中的SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest)(ProtocolToken消息,AsyncProtocolRequest asyncRequest) )在System.Net.Security.SslState.StartSendBlob(Byte []傳入,Int32計數,AsyncProtocolRequest asyn System.Net上的System.Net.Security.SslState.ProcessReceivedBlob(Byte []緩沖區,Int32計數,AsyncProtocolRequest asyncRequest)處於System.Net的System.Net.Security.SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest)處的cRequest) System.Net.Security.SslState.StartSendBlob(Byte []傳入,Int32計數的System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,AsyncProtocolRequest asyncRequest).Security.SslState.StartReceiveBlob(Byte [] buffer,AsyncProtocolRequest asyncRequest)系統中的System.Net.Security.SslState.ProcessReceivedBlob(Byte []緩沖區,Int32計數,AsyncProtocolRequest asyncRequest),系統上的System.Net.Security.SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest),AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.CheckCompletionBeforeNextReceive中的.Net.Security.SslState.StartReceiveBlob(Byte []緩沖區,AsyncProtocolRequest asyncRequest)(ProtocolToken消息,AsyncProtoco) lRequest asyncRequest)在System.Net.Security.SslState.StartSendBlob(Byte [] incoming,Int32 count,AsyncProtocolRequest asyncRequest)處於System.Net.Security.SslState.ProcessReceivedBlob(Byte [] buffer,Int32 count,AsyncProtocolRequest asyncRequest)。 System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)中的Net.Security.SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest)---從拋出異常的上一個位置開始的堆棧跟蹤結束---位於System.Net.Security.SslStream.EndAuthenticateAsServer上的System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult結果)中的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()處於System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)處System.Threading.Tasks.TaskFactory上的(IAsyncResult asyncResult) 1.FromAsyncCoreLogic(IAsyncResult iar, Func 2 endFunction,Action 1 endAction, Task 1 promise,Boolean requiresSyn chronization)---拋出異常的前一個位置的堆棧跟蹤結束---在Microsoft.AspNetCore的System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任務任務)的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()處。 Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext()---內部異常堆棧跟蹤結束--- --->(內部異常#0)System.Security.Authentication.AuthenticationException:根據遠程證書無效驗證程序。 System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,AsyncProtocolRequest asyncRequest)上的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()處於System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken消息,AsyncProtocolRequest asyncRequest,ExceptionDispatchInfo異常)處在System.Net.Security的System.Net.Security.SslState.ProcessReceivedBlob(Byte []緩沖區,Int32計數,AsyncProtocolRequest asyncRequest)處的System.Net.Security.SslState.StartSendBlob(Byte [] incoming,Int32 count,AsyncProtocolRequest asyncRequest)。 System.Net.Security.SslState.CheckCompletionBeforeNextReceive的System.Net.Security.SslState.StartReceiveBlob(Byte []緩沖區,AsyncProtocolRequest asyncRequest)中的SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest)(ProtocolToken消息,AsyncProtocolRequest asyncRequest) )在System.Net.Security.SslState.StartSendBlob(Byte []傳入,Int32計數,AsyncProtocolRequest asyn System.Net上的System.Net.Security.SslState.ProcessReceivedBlob(Byte []緩沖區,Int32計數,AsyncProtocolRequest asyncRequest)處於System.Net的System.Net.Security.SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest)處的cRequest) System.Net.Security.SslState.StartSendBlob(Byte []傳入,Int32計數的System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,AsyncProtocolRequest asyncRequest).Security.SslState.StartReceiveBlob(Byte [] buffer,AsyncProtocolRequest asyncRequest)系統中的System.Net.Security.SslState.ProcessReceivedBlob(Byte []緩沖區,Int32計數,AsyncProtocolRequest asyncRequest),系統上的System.Net.Security.SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest),AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.CheckCompletionBeforeNextReceive中的.Net.Security.SslState.StartReceiveBlob(Byte []緩沖區,AsyncProtocolRequest asyncRequest)(ProtocolToken消息,AsyncProtoco) lRequest asyncRequest)在System.Net.Security.SslState.StartSendBlob(Byte [] incoming,Int32 count,AsyncProtocolRequest asyncRequest)處於System.Net.Security.SslState.ProcessReceivedBlob(Byte [] buffer,Int32 count,AsyncProtocolRequest asyncRequest)。 System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)中的Net.Security.SslState.StartReadFrame(Byte []緩沖區,Int32 readBytes,AsyncProtocolRequest asyncRequest)---從拋出異常的上一個位置開始的堆棧跟蹤結束---位於System.Net.Security.SslStream.EndAuthenticateAsServer上的System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult結果)中的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()處於System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)處System.Threading.Tasks.TaskFactory上的(IAsyncResult asyncResult) 1.FromAsyncCoreLogic(IAsyncResult iar, Func 2 endFunction,Action 1 endAction, Task 1 promise,Boolean requiresSyn chronization)---拋出異常的前一個位置的堆棧跟蹤結束---在Microsoft.AspNetCore的System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任務任務)的System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()處。 Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext()<---
我花了大約四個小時嘗試不同的東西和谷歌搜索,但我似乎無法弄清楚問題的核心原因是什么,所以我想要檢查一下這里是否有人有想法。
不確定你是否找到了解決方案,但我最近遇到了類似的問題。 我發現如果您沒有任何由服務器信任的CA簽名的客戶端證書,則不會提示您。 我的解決方案是將根CA添加到Linux中的信任存儲區,之后將適當地發送/提示客戶端證書。
我最終使用IIS作為反向代理來獲取證書信息(並進行驗證),然后將其傳遞給標頭到Kestrel。
OnCertificateValidated 未運行 - 自簽名證書客戶端身份驗證 - ASP.NET Core 和 Kestrel
[英]OnCertificateValidated not running - Self-Signed Certificate Client Authentication - ASP.NET Core and Kestrel
將Linux客戶端證書添加到Linux上的Kestrel REST API的.NET Core無法通過服務器證書驗證
[英].NET Core adding client certificate to POST to Kestrel REST API on Linux fails server cert validation
為什么 Asp.Net Core Kestrel 服務器向 Ngrok 返回 404 並且控制器永遠不會被調用?
[英]Why is Asp.Net Core Kestrel server returns 404 to Ngrok and Controller is never gets called?
在 Linux Docker 中查詢 Asp.net Core/Kestrel 中的布爾屬性的 Firestore 崩潰
[英]Querying Firestore for Boolean property in Asp.net Core/Kestrel Crashes in Linux Docker
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
