如何在.Net Core中使用客戶端SSL證書

Question

我最近想配置一個.net核心網站以使用客戶端SSL證書身份驗證

我找不到很好的例子，所以我做了一些研究，決定將結果發布給其他人。

Answer 1

在.net core 2.2中，可以在Program.cs配置Kestrel時將客戶端證書配置為.UseHttps方法中的一個選項Program.cs

使用此配置，當用戶在瀏覽器中拉出站點時，瀏覽器將顯示一個對話框，要求用戶選擇用於身份驗證的客戶端證書。 如果證書無效，服務器將返回HTTP 495 SSL Certificate Error

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            .ConfigureKestrel((context, options) =>
            {
                options.Listen(IPAddress.Loopback, 5022);
                options.Listen(IPAddress.Loopback, 5023, listenOptions =>
                {
                    listenOptions.UseHttps((httpsOptions) =>
                    {
                        var certFileName = "server_cert.pfx";
                        var contentRoot = context.HostingEnvironment.ContentRootPath;
                        X509Certificate2 serverCert;
                        var path = Path.Combine(contentRoot, certFileName);
                        serverCert = new X509Certificate2(path, "<server cert password>");

                        httpsOptions.ServerCertificate = serverCert;
                        // this is what will make the browser display the client certificate dialog
                        httpsOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
                        httpsOptions.CheckCertificateRevocation = false;
                        httpsOptions.ClientCertificateValidation = (certificate2, validationChain, policyErrors) =>
                        {
                            // this is for testing non production certificates, do not use these settings in production
                            validationChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                            validationChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
                            validationChain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
                            validationChain.ChainPolicy.VerificationTime = DateTime.Now;
                            validationChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0);
                            validationChain.ChainPolicy.ExtraStore.Add(serverCert);

                            var valid = validationChain.Build(certificate2);
                            if (!valid)
                                return false;

                            // only trust certs that are signed by our CA cert
                            valid = validationChain.ChainElements
                                .Cast<X509ChainElement>()
                                .Any(x => x.Certificate.Thumbprint == serverCert.Thumbprint);

                            return valid;
                        };
                    });
                });
            });
}

如何在.Net Core中使用客戶端SSL證書

問題描述

1 個解決方案

解決方案1
2 已采納 2019-01-06 00:33:53

如何在.Net Core中使用客戶端SSL證書

問題描述

1 個解決方案

解決方案1 2 已采納 2019-01-06 00:33:53

解決方案1
2 已采納 2019-01-06 00:33:53