Windows应用商店应用 - C# - Https客户端身份验证

时间:2014-08-13 13:30:50

标签: c# ssl windows-store-apps authentication

我尝试在我的应用程序中实现Https客户端身份验证,但我无法找到有关如何执行此操作的任何文档。

通过MSDN文档,我想出了这个

// Certificate file in DER format (.cer or .p7b)   
string CountriesFile = @"Assets\https-client.keystore.cer";
StorageFolder InstallationFolder = Windows.ApplicationModel.Package.Current.InstalledLocation;
StorageFile file = await InstallationFolder.GetFileAsync(CountriesFile);

// Read the file into a buffer
IBuffer buffer = await Windows.Storage.FileIO.ReadBufferAsync(file);

// Create the Certificate object
Certificate ClientCert = new Certificate(buffer);
HttpBaseProtocolFilter aHBPF = new HttpBaseProtocolFilter();
aHBPF.ClientCertificate = ClientCert;

// Create our http client and send the request.
HttpClient httpClient = new HttpClient(aHBPF);
HttpResponseMessage response = await httpClient.SendRequestAsync(httpRequest, HttpCompletionOption.ResponseHeadersRead).AsTask(cts.Token);

我将此代码放在一起,查看HttpClientHttpBaseProtocolFilterCertificate的文档。假设我应该以所需格式获得证书并将文件读入Certificate类。

以上代码无法正常工作并抛出此错误

An exception of type 'System.ArgumentException' occurred in MyLib.DLL but was not handled in user code
WinRT information: The certificate specified is missing the required private key information.

我已经测试了我的服务器设置,它可以通过浏览器与客户端身份验证配合使用,这可以让我得出两个可能的结论。

  1. 证书文件的格式错误(虽然我希望在构造Certificate类时抛出异常)。
  2. 这不是打算这样做的!

    3. 任何人都知道应该怎么做?

1 个答案:

答案 0 :(得分:2)

在您可以有效地将其用于Windows应用商店应用中的客户端身份验证之前,您似乎必须在用户级别安装证书

// Needs to be a PKCS12 (p12/pfx) file
string certPath = @"Assets\https-client.keystore.p12";
StorageFile file = await Windows.ApplicationModel.Package.Current.InstalledLocation.GetFileAsync(certPath);
IBuffer buffer = await FileIO.ReadBufferAsync(file);
string certData = CryptographicBuffer.EncodeToBase64String(buffer);

// Will ask the user if they want this app to install the certificate if its not already installed.
await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
     certData,
     "PASSWORD",
     ExportOption.NotExportable,
     KeyProtectionLevel.NoConsent,
     InstallOptions.None,
     "MyFriendlyName");

现在证书已安装,我们可以在证书库中使用它。

var certificate = await CertificateStores.FindAllAsync(new CertificateQuery() { FriendlyName = "MyFriendlyName" });
ClientCert = certificate.Single();

HttpBaseProtocolFilter aHBPF = new HttpBaseProtocolFilter();
aHBPF.ClientCertificate = ClientCert;

// Create our http client and send the request.
HttpClient httpClient = new HttpClient(aHBPF);
HttpResponseMessage response = await httpClient.SendRequestAsync(httpRequest, HttpCompletionOption.ResponseHeadersRead).AsTask(cts.Token);

我希望能够仅将证书提供给应用程序,并且如果我找到了一种方法,我会更新这个答案。

相关问题
最新问题