ASP.NET: Certificate authentication for a REST API in Azure (using HTTPS)
I'm having trouble configuring an ASP.NET Web API service to authenticate requests with client certificates. I followed the steps described in Pro ASP.NET Web API Security:

I created the certificates using makecert.exe:

    makecert.exe -r -n "CN=MobileTradeDataGateway" -pe -sv MobileTradeDataGateway.pvk -a sha256 -cy authority MobileTradeDataGateway.cer

and

    makecert.exe -iv MobileTradeDataGateway.pvk -ic MobileTradeDataGateway.cer -n "CN=DataGateway1" -pe -sv DataGateway1.pvk -a sha256 -sky exchange DataGateway1.cer -eku 1.3.6.1.5.5.7.3.2

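    var cert = request.GetClientCertificate(); // this is null here

in my custom delegating handler.

Of course, I allowed IIS to accept certificates and correctly placed the certificate in Trusted Root Certification Authorities.

Any ideas?

Have you also tried getting the certificate by "thumbprint"? Here is sample code that tries to read the certificate from the certificate store:
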
    // Requires: using System; using System.Security.Cryptography.X509Certificates;
    private X509Certificate2 FindCertificate()
    {
        X509Store certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        certificateStore.Open(OpenFlags.ReadOnly);
        try
        {
            // "CertThumbprint" stands for the thumbprint to look up; validOnly is false,
            // so certificates that do not pass validation are returned as well.
            X509Certificate2Collection certificates = certificateStore.Certificates;
            X509Certificate2Collection matchingCertificates = certificates.Find(X509FindType.FindByThumbprint, "CertThumbprint", false);
            if (matchingCertificates != null && matchingCertificates.Count > 0)
            {
                return matchingCertificates[0];
            }
        }
        finally
        {
            certificateStore.Close(); // release the store handle
        }
        throw new ArgumentException("Unable to find a matching certificate in the certificate store. Please modify the search criteria.");
    }

This has more information on how to read certificates from a web/worker role.

Here is the DelegatingHandler code in my Web API:

    using System;
    using System.Collections.Generic;
    using System.Net;
    using System.Net.Http;
    using System.Security.Claims;
    using System.Security.Cryptography.X509Certificates;
    using System.Threading;
    using System.Threading.Tasks;
    using System.Web;

    // WebApiEventSource is the application's own logging class (not shown).
    public class X509ClientCertificateHandler : DelegatingHandler
    {
        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // Reject anything that did not arrive over HTTPS.
            if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
            {
                WebApiEventSource.Log.InvalidHttpsScheme();
                return request.CreateResponse(HttpStatusCode.Forbidden);
            }

            var cert = request.GetClientCertificate(); // here is null!!!
            if (cert == null)
            {
                WebApiEventSource.Log.FailureAuthenticate("certificate is abcent", "", "");
                return request.CreateResponse(HttpStatusCode.Unauthorized);
            }

            // Build the chain without revocation checking, then compare the issuer name.
            var chain = new X509Chain { ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck } };
            if (chain.Build(cert) && cert.Issuer.Equals("CN=MobileTradeDataGateway"))
            {
                // Subject is "CN=<name>"; Substring(3) drops the "CN=" prefix.
                var claims = new List<Claim>
                {
                    new Claim(ClaimTypes.Name, cert.Subject.Substring(3))
                };
                var principal = new ClaimsPrincipal(new[] { new ClaimsIdentity(claims, "X509") });
                Thread.CurrentPrincipal = principal;
                if (HttpContext.Current != null)
                    HttpContext.Current.User = principal;
                WebApiEventSource.Log.SuccessAuthenticate(cert.SubjectName.Name);
                return await base.SendAsync(request, cancellationToken);
            }

            WebApiEventSource.Log.FailureAuthenticate("certificate is incorrect", cert.IssuerName.Name, cert.SubjectName.Name);
            return request.CreateResponse(HttpStatusCode.Unauthorized);
        }
    }

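I think you have not uploaded the certificate to the Azure portal. Please make sure you upload the .cer or .pfx certificate to the Azure portal. Let me know if you need help with how to upload it, etc. There is no problem reading the certificate from the HttpRequestMessage in the delegating handler.

Hi @АаСаааааа, did you solve this problem in the end? I am facing the same issue.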
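
Added example, not part of the thread and not the asker's code: once the handler does receive a certificate, the issuer-name string comparison can be replaced by pinning the issuing CA certificate itself and requiring the client-authentication EKU used in the makecert command. It assumes .NET Framework 4.7.2 or later (for CertificateRequest); the names IsAcceptable and Make and the certificates generated in Main are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // the -eku value from the makecert command

    // True only if cert chains to exactly pinnedCa and carries the client-authentication EKU.
    public static bool IsAcceptable(X509Certificate2 cert, X509Certificate2 pinnedCa)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // as in the handler above
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            chain.ChainPolicy.ExtraStore.Add(pinnedCa);
            if (!chain.Build(cert)) return false;
            // The flag above tolerates any root, so compare the chain's last element with the pinned CA.
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            if (!root.RawData.SequenceEqual(pinnedCa.RawData)) return false;
        }
        return cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
            .Any(e => e.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid));
    }

    // Constructed test data: a throwaway CA (issuer == null) or a client certificate signed by issuer.
    static X509Certificate2 Make(string cn, X509Certificate2 issuer)
    {
        var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var from = DateTimeOffset.UtcNow.AddDays(-1);
        if (issuer == null)
        {
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            return req.CreateSelfSigned(from, from.AddDays(30));
        }
        var eku = new OidCollection { new Oid(ClientAuthOid) };
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(eku, false));
        return req.Create(issuer, from, from.AddDays(10), new byte[] { 1, 2, 3, 4 });
    }

    static void Main()
    {
        var ca = Make("MobileTradeDataGateway", null);
        var sameName = Make("MobileTradeDataGateway", null); // same subject name, different key
        Console.WriteLine(IsAcceptable(Make("DataGateway1", ca), ca));       // issued by the pinned CA
        Console.WriteLine(IsAcceptable(Make("DataGateway1", sameName), ca)); // issuer name matches, key does not
    }
}
```

In the handler, the pinned CA would be loaded once from the application's own copy of MobileTradeDataGateway.cer rather than generated.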