[英]Require client certificates in IIS for non-local network requests using HttpModule
[英]Using local certificates by IIS
我已經開發了Web API服務,該服務可以要求另一個需要個人證書的Web API。
當我在本地PC上開發此服務時,我像這樣使用了HttpClient:
_handler = new HttpClientHandler()
{ ClientCertificateOptions = ClientCertificateOption.Automatic };
_client = new HttpClient(_handler);
我的個人證書是從我的PC上獲得的。
然后,我想將項目發布到Windows Server 2012 R2上的IIS 8。
首先,我已經在服務器上安裝了所有證書,並在IIS中設置了應用程序池,IIS由服務用戶啟動,但是我的API應用程序使用了我帳戶的池(證書已綁定到該池)。 但是,當我嘗試發出請求時,出現如下異常:
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>An error occurred while sending the request.</ExceptionMessage>
<ExceptionType>System.Net.Http.HttpRequestException</ExceptionType>
<StackTrace/>
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
</ExceptionMessage>
<ExceptionType>System.Net.WebException</ExceptionType>
<StackTrace>
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context) at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
</StackTrace>
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The remote certificate is invalid according to the validation procedure.
</ExceptionMessage>
<ExceptionType>
System.Security.Authentication.AuthenticationException
</ExceptionType>
<StackTrace>
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
</StackTrace>
</InnerException>
</InnerException>
</InnerException>
我認為我的問題是IIS無法使用我已經在Windows Server上安裝的證書。
我該如何解決?
在調用HttpClient之前使用它。 請記住,此代碼僅適用於開發機器。 請勿在生產中使用
ServicePointManager.ServerCertificateValidationCallback =
delegate (
object s,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors
) {
return true;
};
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.