我已经在Azure密钥保管库中创建了一个证书,并试图使用它来调用带有服务的API.AddHttpClient来附加它
.ConfigurePrimaryHttpMessageHandler(s =>
{
var handler = new CertHttpClientHandler(cerificateBundle);
return handler;
})
我的客户端处理程序传递了一个CerificateBundle,它用于从Vault(Cer属性)获取证书详细信息
public class CertHttpClientHandler : HttpClientHandler
{
public CertHttpClientHandler(CertificateBundle cerificateBundle)
{
this.AllowAutoRedirect = true;
this.UseDefaultCredentials = true;
this.ClientCertificateOptions = ClientCertificateOption.Manual;
this.ClientCertificates.Add(new X509Certificate2(cerificateBundle?.Cer));
this.CheckCertificateRevocationList = false;
}
}
这一切看起来都很好,但是当我尝试使用被调用的应用程序中的证书时,我无法对其进行验证。
public class ValuesController : ApiController
{
public HttpResponseMessage Get()
{
var clientCertInRequest = Request.GetClientCertificate();
if (clientCertInRequest == null || (!clientCertInRequest.Verify() || clientCertInRequest.SerialNumber != "Test"))
{
return Request.CreateResponse(HttpStatusCode.NotFound, "Sorry");
}
var responseBody = new[] {"value1", "value2"};
return Request.CreateResponse(HttpStatusCode.OK, responseBody);
}
}
GetClientCertificate始终返回null。我已从保险库中取出证书,并将其放入Windows证书存储中。
我在做什么错?我也尝试过使用GetRawCertDataString在标头变量X-ARR-ClientCert中手动传递证书,但这没什么区别。