Question

我不想检查需要客户端证书身份验证的网页。我如何从Certstore向Webrequest提供我的证书：有没有办法在Proxy中的Credentials odr中指定它？

$webclient = New-Object Net.WebClient
# The next 5 lines are required if your network has a proxy server
$webclient.Credentials = [System.Net.CredentialCache]::DefaultCredentials
if($webclient.Proxy -ne $null)     {
    $webclient.Proxy.Credentials = `
            [System.Net.CredentialCache]::DefaultNetworkCredentials
}
# This is the main call
$output = $webclient.DownloadString("$URL")

PS：也许这会有所帮助：How can you add a Certificate to WebClient (C#)?但我不明白.. ;-)

Answer 1

使用PowerShell v2中的新Add-Type功能，您可以创建一个自定义类，然后可以使用它来创建典型的WebRequest。我在自定义类中包含了一个方法，允许您添加可用于身份验证的证书。

PS C:\> $def = @"
public class ClientCertWebClient : System.Net.WebClient
{
    System.Net.HttpWebRequest request = null;
    System.Security.Cryptography.X509Certificates.X509CertificateCollection certificates = null;

     protected override System.Net.WebRequest GetWebRequest(System.Uri address)
     {
         request = (System.Net.HttpWebRequest)base.GetWebRequest(address);
         if (certificates != null)
         {
             request.ClientCertificates.AddRange(certificates);
         }
         return request;
     }

     public void AddCerts(System.Security.Cryptography.X509Certificates.X509Certificate[] certs)
     {
         if (certificates == null)
         {
             certificates = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
         }
         if (request != null)
         {
             request.ClientCertificates.AddRange(certs);
         }
         certificates.AddRange(certs);
     }
 }
 "@

PS C:\> Add-Type -TypeDefinition $def

您可能希望将要添加的证书限制为您想要使用的一个（或多个），而不是仅使用当前用户存储中的每个可用证书，但这里只是加载所有这些证书的示例：

PS C:\> $wc = New-Object ClientCertWebClient
PS C:\> $certs = dir cert:\CurrentUser\My
PS C:\> $wc.AddCerts($certs)
PS C:\> $wc.DownloadString("http://stackoverflow.com")

如何在Powershell中向WebClient添加证书

1 个答案: