我在一个 IIS6/ASP.NET 网站上工作,该网站必须以智能卡(特别是 Common Access Card )的形式“要求客户端证书”。我需要创建一些服务来访问计时器上的各种 URL,以执行更新搜索索引、预热 Sharepoint 页面和其他任务等操作。
考虑到除非您拥有智能卡上的证书,否则该站点不允许访问,如何做到这一点?我试图加载证书 (.cer) 并像这样加载它:
HttpWebRequest request = (HttpWebRequest)
WebRequest.Create("https://.../someURL.html");
const string certFilename = @"my.cer";
var cert = X509Certificate2.CreateFromCertFile(certFilename);
cert.Import(certFilename, "my pin", X509KeyStorageFlags.Exportable);
request.ClientCertificates.Add(cert);
HttpWebResponse response = (HttpWebResponse)
request.GetResponse();
但是我收到了 403 Forbidden。
最佳答案
您可以从您的个人商店加载您的证书,如下所示:
System.Security.Cryptography.X509Certificates.X509Certificate cert = FindCertByName(PART_AFTER_CN_IN_CERT_SUBJECT);
request.ClientCertificates.Add(cert);
..
private System.Security.Cryptography.X509Certificates.X509Certificate FindCertByName(string simpleName)
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
foreach (X509Certificate cert in store.Certificates)
{
if( cert.Subject.Contains("CN="+simpleName))
{
return cert;
}
}
string msg = "The '" + simpleName + "' security certificate is not installed on this system!";
throw new ApplicationException(msg);
}
关于c# - 如何自动访问具有 "require client certificates"的 IIS 网站?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/3344204/