我正在尝试使用基于证书的身份验证来调用 .NET Core API。
服务器端
/// <summary>
/// Builds the web host and configures Kestrel's HTTPS defaults so that a client certificate
/// is required, only TLS 1.2 is enabled, and the presented client certificate is checked by
/// a custom validation callback.
/// </summary>
/// <param name="args">Command-line arguments passed through to <c>WebHost.CreateDefaultBuilder</c>.</param>
/// <returns>The configured <c>IWebHostBuilder</c>.</returns>
public static IWebHostBuilder CreateWebHostBuilder(string[] args) => WebHost.CreateDefaultBuilder(args).UseStartup<Startup>()
.ConfigureKestrel((context, options) =>
{
options.ConfigureHttpsDefaults(httpsOptions =>
{
// A client that presents no certificate is rejected.
httpsOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
// Only TLS 1.2 is enabled; other protocol versions, including TLS 1.3, are not negotiated.
httpsOptions.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
// Custom check of the presented client certificate (certificate2); the returned bool
// decides whether it is accepted.
httpsOptions.ClientCertificateValidation = (certificate2, validationChain, policyErrors) =>
{
// NOTE(review): the PFX is read from disk each time this callback runs, and the resulting
// X509Certificate2 is not disposed in the visible lines. Loading it once outside the
// callback would avoid repeated file reads and leaked certificate handles.
string ServerCertificateFile = "myCertServer.pfx";
// NOTE(review): a null password means the PFX is opened without one; if the file holds a
// private key, that key is then protected only by file-system permissions.
string ServerCertificatePassword = null;
var certificate = new X509Certificate2(ServerCertificateFile, ServerCertificatePassword);
// ExtraStore only supplies additional certificates the chain engine may use while building
// the chain; it does not by itself make this certificate a trusted root, so Build can still
// return false for a chain that ends in an untrusted root.
// NOTE(review): presumably this certificate is meant to be the issuer of the client
// certificate - confirm how trust is supposed to be anchored.
validationChain.ChainPolicy.ExtraStore.Add(certificate);
// Build returns true only when the chain for the client certificate satisfies the chain policy.
var valid = validationChain.Build(certificate2);
// The listing elides code here. NOTE(review): policyErrors is not consulted in the visible
// lines - verify that the elided part does not discard errors already reported by the TLS stack.
...
return valid;
};
});
});
CLIENT SIDE
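/// <summary>
/// Sends a GET request to the local API over TLS 1.2, presenting a client certificate
/// loaded from a file on disk.
/// </summary>
/// <returns>A task that completes once the response has been received.</returns>
/// <remarks>
/// Any exception from the request propagates to the caller. The page reports that the call
/// always fails with InnerException = {"The decryption operation failed, see inner exception."}.
/// </remarks>
static async Task RunAsync()
{
    // NOTE(review): a .cer file normally contains only the public certificate. TLS client
    // authentication has to prove possession of the matching private key, so the certificate
    // handed to the handler needs one (for example from a PFX or a certificate store).
    // Confirm what myCertClient.cer actually contains.
    string clientCertificateFile = "myCertClient.cer";
    string clientCertificatePassword = null;

    using (var certificate = new X509Certificate2(clientCertificateFile, clientCertificatePassword))
    using (var handler = new HttpClientHandler())
    {
        // Manual: only the certificates added below are offered to the server.
        handler.ClientCertificateOptions = ClientCertificateOption.Manual;
        handler.SslProtocols = SslProtocols.Tls12;
        // Revocation of the server certificate is not checked. That is tolerable against a
        // local development endpoint; enable it where CRL/OCSP endpoints are reachable.
        handler.CheckCertificateRevocationList = false;
        handler.ClientCertificates.Add(certificate);

        using (var httpClient = new HttpClient(handler))
        {
            httpClient.DefaultRequestHeaders.Accept.Clear();
            httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            // Await instead of blocking with GetAwaiter().GetResult(): the method is already
            // async, and blocking ties up a thread and can deadlock under a synchronization context.
            using (var res = await httpClient.GetAsync("https://localhost:5001/api/values"))
            {
                // The response is not inspected here; it is disposed to release the connection.
            }
        }
    }
}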
总是抛出以下异常:
“The decryption operation failed, see inner exception.”(解密操作失败,请参阅内部异常。)