C# 如何使用自签名客户端证书修复asp.net core 3.1中的RevocationStatusUnknown 我尝试用客户端证书实现一个ASP.NET Core Web API应用程序。我使用了docs.microsoft和其他网站上的示例代码。为了测试我构建的内容,我生成了CA证书、服务器证书和客户端证书。服务器和客户端证书都是使用该CA创建的。我还将CA证书添加到TrustedRoot存储中。 运行应用程序后,我收到403错误,每次使用客户端证书(从Chrome和Firefox尝试)调用该端点时,都会出现错误Unauthorized。与403一起,我可以在控制台中看到一条消息“证书验证失败,主题为…”和“RevocationStatusUnknown:吊销功能无法检查证书的吊销情况。” 我不明白这个错误是从哪里来的,所以我无法追踪它。我曾尝试在ASP.NET Core源代码中搜索这段消息的部分内容,或使用microsoft pdb服务器上的源代码符号进行调试,但我不知道错误来自何处。我怀疑这是因为我使用了自签名证书,但错误消息具有误导性 这是我的代码: Program.cs

C# 如何使用自签名客户端证书修复asp.net core 3.1中的RevocationStatusUnknown 我尝试用客户端证书实现一个ASP.NET Core Web API应用程序。我使用了docs.microsoft和其他网站上的示例代码。为了测试我构建的内容,我生成了CA证书、服务器证书和客户端证书。服务器和客户端证书都是使用该CA创建的。我还将CA证书添加到TrustedRoot存储中。 运行应用程序后,我收到403错误,每次使用客户端证书(从Chrome和Firefox尝试)调用该端点时,都会出现错误Unauthorized。与403一起,我可以在控制台中看到一条消息“证书验证失败,主题为…”和“RevocationStatusUnknown:吊销功能无法检查证书的吊销情况。” 我不明白这个错误是从哪里来的,所以我无法追踪它。我曾尝试在ASP.NET Core源代码中搜索这段消息的部分内容,或使用microsoft pdb服务器上的源代码符号进行调试,但我不知道错误来自何处。我怀疑这是因为我使用了自签名证书,但错误消息具有误导性 这是我的代码: Program.cs,c#,ssl,asp.net-core,client-certificates,C#,Ssl,Asp.net Core,Client Certificates,和WeatherForecastController.cs using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging; namespace Au

和WeatherForecastController.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

namespace AuthEndpoint.Controllers
{
    /// <summary>
    /// Sample endpoint that returns randomly generated weather forecasts.
    /// </summary>
    /// <remarks>
    /// The <c>[Authorize]</c> attribute on the class means every action requires an
    /// authenticated caller; the controller itself never inspects the client certificate,
    /// so a rejected certificate surfaces as an authorization failure before
    /// <see cref="Get"/> runs.
    /// </remarks>
    [ApiController]
    [Route("[controller]")]
    [Authorize]
    public class WeatherForecastController : ControllerBase
    {
        // Labels a forecast can carry; one is picked at random per forecast.
        private static readonly string[] Summaries =
        {
            "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
        };

        // Stored for use by actions; nothing in this listing writes to it.
        private readonly ILogger<WeatherForecastController> _logger;

        /// <summary>Creates the controller with the logger supplied by dependency injection.</summary>
        /// <param name="logger">Logger scoped to this controller type.</param>
        public WeatherForecastController(ILogger<WeatherForecastController> logger)
        {
            this._logger = logger;
        }

        /// <summary>Builds five forecasts, one for each of the next five days.</summary>
        /// <returns>An array of five forecasts with random temperature and summary.</returns>
        [HttpGet]
        public IEnumerable<WeatherForecast> Get()
        {
            var random = new Random();
            var forecasts = new WeatherForecast[5];

            // Day offsets run 1..5, matching the slot index + 1.
            for (var dayOffset = 1; dayOffset <= forecasts.Length; dayOffset++)
            {
                forecasts[dayOffset - 1] = new WeatherForecast
                {
                    Date = DateTime.Now.AddDays(dayOffset),
                    TemperatureC = random.Next(-20, 55),
                    Summary = Summaries[random.Next(Summaries.Length)]
                };
            }

            return forecasts;
        }
    }
}
使用系统;
使用System.Collections.Generic;
使用System.Linq;
使用System.Threading.Tasks;
使用Microsoft.AspNetCore.Authorization;
使用Microsoft.AspNetCore.Mvc;
使用Microsoft.Extensions.Logging;
命名空间AuthEndpoint.Controllers
{
[ApiController]
[路线(“[控制器]”)]
[授权]
公共类WeatherForecastController:ControllerBase
{
私有静态只读字符串[]摘要=新[]
{
“冻结”、“支撑”、“寒冷”、“凉爽”、“温和”、“温暖”、“温和”、“炎热”、“闷热”、“灼热”
};
专用只读ILogger\u记录器;
公共天气预报控制器(ILogger记录器)
{
_记录器=记录器;
}
[HttpGet]
公共IEnumerable Get()
{
var rng=新随机数();
返回可枚举的范围(1,5)。选择(索引=>NewWeatherForecast
{
日期=DateTime.Now.AddDays(索引),
温度c=下一个温度(-20,55),
摘要=摘要[rng.Next(摘要长度)]
})
.ToArray();
}
}
}

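因此,我想知道如何让asp.net core接受我的证书,或者自签名证书是否根本无法使用。 在AddCertificate的选项中设置下面这一行: options.RevocationMode = X509RevocationMode.NoCheck; 出现该错误的原因是:证书认证处理程序默认会在线检查吊销状态,而测试CA签发的证书没有可访问的CRL/OCSP端点,因此链验证返回RevocationStatusUnknown。NoCheck会完全关闭对客户端证书的吊销检查,只适合这种测试CA;在生产环境中应保留吊销检查并为CA发布CRL,否则已被吊销的客户端证书仍然可以通过认证。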

using System;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

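namespace AuthEndpoint
{
    /// <summary>
    /// Registers client-certificate authentication and builds the HTTP request pipeline
    /// for the sample Web API.
    /// </summary>
    public class Startup
    {
        /// <summary>Stores the application configuration supplied by the host.</summary>
        /// <param name="configuration">Configuration root for the application.</param>
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        /// <summary>Application configuration, as passed to the constructor.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime to add services to the container: controllers,
        /// certificate authentication as the default scheme, certificate forwarding
        /// from a request header, and authorization.
        /// </summary>
        /// <param name="services">Service collection to register into.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();
            services
                .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
                .AddCertificate(options =>
                {
                    // Accept only certificates that chain to a trusted root. CertificateTypes.All
                    // also admits self-signed certificates, for which the handler skips the
                    // issuer-trust check; together with the unconditional Success() below that
                    // would authenticate any self-signed certificate a client presents.
                    // NOTE(review): switch back only if self-signed client certificates are
                    // really intended, and then pin them explicitly in OnCertificateValidated.
                    options.AllowedCertificateTypes = CertificateTypes.Chained;

                    // RevocationMode is left at the handler default (online check). Certificates
                    // from a private test CA with no reachable CRL/OCSP endpoint fail chain
                    // validation with RevocationStatusUnknown. Setting RevocationMode to
                    // X509RevocationMode.NoCheck removes that failure, but a revoked client
                    // certificate then keeps authenticating, so confine it to test setups or
                    // publish a CRL for the CA instead.
                    options.Events = new CertificateAuthenticationEvents
                    {
                        OnCertificateValidated = context =>
                        {
                            // Raised only after the handler's built-in validation has passed.
                            // Nothing here restricts WHICH trusted issuer or subject is allowed:
                            // any certificate chaining to a root in the trust store is accepted.
                            // Add an issuer/thumbprint allow-list check before Success() when the
                            // endpoint must be limited to certificates from one CA.
                            // Issuer is the distinguished-name string; writing the IssuerName
                            // object itself prints its type name rather than the issuer.
                            Console.WriteLine(context.ClientCertificate.Issuer);
                            context.Success();
                            return Task.CompletedTask;
                        },
                        OnAuthenticationFailed = context =>
                        {
                            // Surfaces the validation failure (e.g. the chain status text) on the console.
                            Console.WriteLine(context.Exception);
                            return Task.CompletedTask;
                        }
                    };
                });

            // Certificate forwarding takes the client certificate from a request header instead
            // of the TLS handshake. A header carries no proof that the sender holds the private
            // key, so this is only sound behind a TLS-terminating proxy that sets the header
            // itself and strips any client-supplied copy. If the app is reached directly over
            // TLS, leave forwarding out.
            services.AddCertificateForwarding(options =>
            {
                options.CertificateHeader = "X-ARR-ClientCert";
                options.HeaderConverter = (headerValue) =>
                {
                    // An absent or blank header yields no certificate.
                    X509Certificate2 clientCertificate = null;
                    if (!string.IsNullOrWhiteSpace(headerValue))
                    {
                        byte[] bytes = Encoding.UTF8.GetBytes(headerValue);
                        clientCertificate = new X509Certificate2(bytes);
                    }
                    return clientCertificate;
                };
            });
            services.AddAuthorization();
        }

        /// <summary>
        /// Called by the runtime to configure the HTTP request pipeline.
        /// </summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        /// <param name="env">Hosting environment; the developer exception page is enabled only in Development.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            // Runs before authentication so a forwarded certificate is in place when the
            // certificate handler looks for one.
            app.UseCertificateForwarding();
            app.UseHttpsRedirection();

            app.UseRouting();

            // Authentication must precede authorization; both sit between routing and endpoints.
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}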
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

namespace AuthEndpoint.Controllers
{
    /// <summary>
    /// Weather-forecast sample controller, reachable only by authenticated callers.
    /// </summary>
    /// <remarks>
    /// Access control comes entirely from the class-level <c>[Authorize]</c> attribute;
    /// no action here reads the caller's identity or certificate.
    /// </remarks>
    [ApiController]
    [Route("[controller]")]
    [Authorize]
    public class WeatherForecastController : ControllerBase
    {
        // Pool of descriptive labels drawn from at random.
        private static readonly string[] Summaries = new string[]
        {
            "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
        };

        // Injected logger; kept for actions to use, not written to in this listing.
        private readonly ILogger<WeatherForecastController> _logger;

        /// <summary>Receives the logger from dependency injection.</summary>
        /// <param name="logger">Logger typed to this controller.</param>
        public WeatherForecastController(ILogger<WeatherForecastController> logger) => _logger = logger;

        /// <summary>Returns forecasts for the next five days.</summary>
        /// <returns>Five forecasts, materialised as an array before returning.</returns>
        [HttpGet]
        public IEnumerable<WeatherForecast> Get()
        {
            var generator = new Random();

            // Produces the forecast for the day that lies daysAhead days after now.
            WeatherForecast ForecastFor(int daysAhead)
            {
                return new WeatherForecast
                {
                    Date = DateTime.Now.AddDays(daysAhead),
                    TemperatureC = generator.Next(-20, 55),
                    Summary = Summaries[generator.Next(Summaries.Length)]
                };
            }

            var dayOffsets = Enumerable.Range(1, 5);
            return dayOffsets.Select(ForecastFor).ToArray();
        }
    }
}