问题描述

因此，我正在与我们的系统管理员一起为在此开发的Web工具设置本地身份验证(使用ADFS).

So I'm working with our sysadmin to setup on-premises authentication (with ADFS) for the web tool we're developing here.

我已经完成了设置过程，并且在运行项目时遇到了异常:

I've gone through the setup process, and we're getting an exception when I run the project:

根据验证过程，远程证书无效."

"The remote certificate is invalid according to the validation procedure."

   [AuthenticationException: The remote certificate is invalid according to the   validation procedure.]
   System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +231
   System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) +15
   System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +119

现在，当我将这段代码插入StartupAuth.cs时，我实际上可以进入登录页面

Now I was able to actually reach the sign-in page when I plugged in this bit of code to StartupAuth.cs

   ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
...

static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
   return true;
}

但是在登录时，系统引发了另一个异常.而且我们也不想总是验证证书.有趣的是，当系统管理员转换为自签名证书时，我们什至无法进入登录页面.我们正在使用通配符证书，但我想知道这是否是问题.

But on login, the system threw another exception. And we don't want to always validate certificates anyway. Interestingly enough, when the sysadmin changed over to a self-signed certificate, we weren't even able to reach the login page. We're using a wildcard certificate, but I'm wondering if that's the problem.

我们的系统管理员认为我们可能只需要购买经过正确签名的证书，但是我想知道我的终端是否存在配置问题.

Our sysadmin thinks we may just need to buy a properly signed certificate, but I'm wondering if there's a configuration problem on my end.

在进一步调查中，我得到了一条有意义的错误消息.这是调试输出(我已将证书序列号和URL替换为"xxx"):

On further investigation, i've gotten a meaningful error message. Here's the debug output (I've replaced cert serial numbers and URLs with 'xxx'):

Looking at Security Cert. Issuers...
    System.Security.Cryptography.X509Certificates.X509Chain
    CN=xxxxx.xxxx.org
    Checking elements in X509 Chain:
    UntrustedRoot
    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

推荐答案

我们已经能够通过将ADFS服务器上的证书安装到受信任的根证书颁发机构"下的我的开发机器上来解决安全证书问题.

We've been able to solve the security certificate issue by installing the certificate on the ADFS server onto my dev machine under 'Trusted Root Certification Authorities'.

这篇关于Asp.net本地身份验证-根据验证过程，远程证书无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！