客户证书没有通过

时间:2015-11-24 09:26:44

标签: c# iis-7 ssl-certificate asp.net-web-api client-certificates

使用:.net 4.0,VS2010和webapi1.0 我点了这个链接http://southworks.com/blog/2014/06/16/enabling-ssl-client-certificates-in-asp-net-web-api/

强制客户端将证书发送到Authenticate

在服务器端,代码如下所示

 public class RequireCertificateFilter : ActionFilterAttribute
        {
            public override void OnActionExecuting(HttpActionContext actionContext)
            {


                var request = actionContext.Request;

                if (!this.AuthorizeRequest(request.GetClientCertificate()))
                {
                    throw new HttpResponseException(HttpStatusCode.Forbidden);
                }

            }

            private bool AuthorizeRequest(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2)
            {
                bool result = false;
                if (x509Certificate2 != null)
                {
                    string issuer = x509Certificate2.Issuer;
                    string subject = x509Certificate2.Subject;
                    result = true;
                }
                return result;
            }

request.GetClientCertificate()总是返回null我缺少任何其他设置吗?不确定为什么客户证书没有通过?

客户端代码如下所示

      X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
            var cert = store.Certificates.Find(X509FindType.FindBySubjectName, "ClientCertificatesTest", true)[0];


  // Build HTTP Request
            HttpWebRequest wrStatus = (HttpWebRequest)WebRequest.Create("https://localhost/TestAPI/api/Home");          
            wrStatus.KeepAlive = true;
            wrStatus.Method = WebRequestMethods.Http.Get;
            wrStatus.Accept = "text/xml";
            wrStatus.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)";
            wrStatus.ClientCertificates.Clear();
            wrStatus.ClientCertificates.Add(cert);


            string result = null;
            using (HttpWebResponse resp = (HttpWebResponse)wrStatus.GetResponse())
            {
            StreamReader reader = new StreamReader(resp.GetResponseStream());
            result = reader.ReadToEnd();
            }

            }

更新:

我尝试使用fiddler并通过调用getResponse的代码进行调试 这就是我回来的原因

enter image description here

1 个答案:

答案 0 :(得分:0)

您的客户端证书不受信任,因为信任链失败,因此被拒绝。我相信你发布的southworks.com链接假设客户端和服务器代码在同一个盒子上运行。如果您使用单独的服务器作为服务器代码,除非您将自制的CA证书(DevelopmentCA.cer)安装到 服务器的 <中,否则它将无法验证您的客户端证书/ strong>受信任的根证书颁发机构。

相关问题
最新问题