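GetRequestContext().ClientCertificate always returns null

I am using a self-hosted Web API with client-certificate-based authentication, but when I try to get the certificate from the request using GetRequestContext(), the Web API always returns null.

Here is the code on the Web API side: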

    protected override System.Threading.Tasks.Task<HttpResponseMessage>
        SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Reject the request before it reaches the controller if the certificate check fails.
        HttpResponseMessage response = ValidateCertificate(request);
        if (response.StatusCode == HttpStatusCode.OK)
            return base.SendAsync(request, cancellationToken);
        else
            return Task<HttpResponseMessage>.Factory.StartNew(() => response);
    }

    private HttpResponseMessage ValidateCertificate(HttpRequestMessage request)
    {
        var certificateFromRequest = request.GetRequestContext().ClientCertificate;

        if (certificateFromRequest == null)
        {
            return request.CreateResponse(HttpStatusCode.NotAcceptable, "Certificate is not available in request!");
        }

        // The remaining certificate checks were not included in the post.
        // SendAsync above expects 200 OK when validation succeeds.
        return request.CreateResponse(HttpStatusCode.OK);
    }

The client-side code is:

    WebRequestHandler handler = new WebRequestHandler();
    X509Certificate2 certificate = ConfigurationManager.AppSettings["MSIClientCertificateThumbprint"].CleanThumbprint().GetCertByThumbprint();

    handler.ClientCertificates.Add(certificate);
    using (var httpClient = new HttpClient(handler))
    {
        var response = await httpClient.PostAsync($"{ConfigurationManager.AppSettings["WEBAPIPATH"]}/api/controller/{param}", null);
        response.EnsureSuccessStatusCode();
    }

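I always see the certificate being passed correctly in the HttpClient, with its private key, but the Web API still cannot find it.

The problem was solved by updating the client project from net452 to net461.

When a client certificate is added, HttpClient requires the private key to be available on the certificate.

I generated the certificate with the following PowerShell command: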

    New-SelfSignedCertificate -Subject "Subject" -FriendlyName "Name" -NotAfter (Get-Date).AddYears(5) -CertStoreLocation cert:\localmachine\my

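This generates a private key based on CNG cryptography, which net452 does not support.

In addition, after updating the client project to net461, I also had to add further parameters to the PowerShell command that generates the certificate: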

    New-SelfSignedCertificate -Subject "UcClearly" -FriendlyName "UcClearly.MSI.API" -NotAfter (Get-Date).AddYears(5) -CertStoreLocation cert:\localmachine\my -KeyExportPolicy Exportable -KeySpec Signature
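
A diagnostic for the situation the answer describes, added here as an example and not taken from the original post: it reports whether a certificate in LocalMachine\My has a reachable private key and whether that key is a CNG or a legacy CSP key. It assumes .NET Framework 4.6 or later, an RSA certificate, and a thumbprint passed as the only command-line argument; the class name `ClientCertKeyCheck` is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertKeyCheck
{
    // Describes how (and whether) the private key of a certificate can be reached.
    public static string Describe(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key: unusable as a client certificate";
        string keyType;
        try
        {
            // .NET Framework 4.6+ API: RSACng for CNG keys, RSACryptoServiceProvider for CSP keys.
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null) return "private key is not an RSA key";
                keyType = rsa.GetType().Name;
            }
        }
        catch (CryptographicException ex)
        {
            return "private key not accessible: " + ex.Message;
        }
        try
        {
            // Legacy property: on .NET Framework it only handles CSP keys.
            AsymmetricAlgorithm legacy = cert.PrivateKey;
            return keyType + ", also readable via X509Certificate2.PrivateKey";
        }
        catch (CryptographicException ex)
        {
            return keyType + ", X509Certificate2.PrivateKey fails: " + ex.Message;
        }
    }
    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: ClientCertKeyCheck <thumbprint>"); return 2; }
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false so that untrusted self-signed certificates are still found.
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false);
            if (hits.Count == 0) { Console.Error.WriteLine("certificate not found"); return 1; }
            Console.WriteLine(Describe(hits[0])); return 0;
        }
        finally { store.Close(); }
    }
}
```

Run it under the same account as the client process, once for each certificate, to compare the key type produced by the two `New-SelfSignedCertificate` commands above.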
