问题描述
我写了一个小ASP.NET Core 2应用程序.它作为服务运行,因此没有IIS.它可以在装有Windows 7 SP1的PC上运行.
I wrote a little ASP.NET Core 2 application. It runs as a service, so no IIS. It runs on a PC with Windows 7 SP1.
var host = WebHost.CreateDefaultBuilder(args)
.UseContentRoot(pathToContentRoot)
.UseHttpSys(options =>
{
options.Authentication.Schemes = AuthenticationSchemes.None;
options.Authentication.AllowAnonymous = true;
options.MaxConnections = null;
options.MaxRequestBodySize = 30000000;
options.UrlPrefixes.Add("http://*:5050");
})
.UseStartup<Startup>()
.UseApplicationInsights()
.Build();
if (isService)
{
host.RunAsService();
}
else
{
host.Run();
}
如您所见,我想在端口5050上侦听.在没有SSL的情况下,它可以正常工作.
As you can see, I want to listen on port 5050. This is working fine without SSL.
我的问题是,如何为我的应用程序启用https?再次:没有IIS,没有域名(没有Internet连接).通信仅在内部网络内部进行,因此我想使用自签名证书.
My question is, how can I enable https for my application? Again: No IIS, no Domain-Name (no internet connection). Communication is just inside the internal network, so I want to use a self-signed certificate.
我阅读了文档( HTTP.sys文档; Netsh命令; New-SelfSignedCertificate ),但总有一些与我的情况有所不同(它们使用Krestel,或者用于IIS).另外,我不知道如何为我的应用程序获取应用程序ID(netsh所需).我尝试过:StackOverflow获取GUID ,但不起作用.
I read the documentation (HTTP.sys documentation;Netsh Commands;New-SelfSignedCertificate), but there is always something different to my situation (they use Krestel, or it is for using IIS). Also, I dont know how to get the App-ID (needed for netsh) for my Application. I tryed this: StackOverflow Get GUID but it doesn't work.
var assembly = typeof(Program).Assembly;
// following line produces: System.IndexOutOfRangeException
var attribute = (GuidAttribute)assembly.GetCustomAttributes(typeof(GuidAttribute), true)[0];
var id = attribute.Value;
Console.WriteLine(id);
所以我对所有可能和不同的配置感到困惑.而且文档不考虑我的具体情况.
So I am a bit confused about all the possabilitys and different configurations. And the docs don't consider my specific case.
我创建了一个证书,我想我需要将其存储在我的"商店中.(那是哪里?cert:\ LocalMachine \ My)然后我需要为其分配我的Applicaion ID和端口.
I created a certificate, and I guess I need to store it on the "my" Store. (Where is that? cert:\LocalMachine\My) And then I need to assign my Applicaion ID and Port to it.
但是我不知道该怎么做.有人可以帮忙吗?
But I have no idea how to do that exactly. Can anyone help?
推荐答案
所以我通过以下方式解决了这个问题:
So I solve the problem in the following way:
首先,如果您想知道自己的GUID,将使用以下代码获取它:
First, if you want to know your own GUID, you will get it with the following code:
var id = typeof(RuntimeEnvironment).GetTypeInfo().Assembly.GetCustomAttribute<GuidAttribute>().Value;
创建自签名证书
现在创建一个SelfSigned-Certificate(如果您已经拥有或购买了,请跳过此步骤)
Create a SelfSigned Certificate
Now create a SelfSigned-Certificate (Skip this if you already got one, or purchased one)
- 运行以下OpenSSL命令以生成您的私钥和公共证书.回答问题,并在出现提示时输入通用名称.
- 在PKCS#12(P12)软件包中组合密钥和证书:
在客户端上安装证书:
对于Windows 8和更高版本:
使用 PowerShell
PS C:> Import-PfxCertificate –FilePath D:\ data \ cert \ certificate.p12 cert:\ localMachine \ my -Password $ certpwd
PS C:> Import-PfxCertificate –FilePath D:\data\cert\certificate.p12 cert:\localMachine\my -Password $certpwd
获取证书的指纹(哈希)
Get Fingerprint (Hash) of certificate
安装证书(用您的值替换哈希,IP和端口)
Install certificate (replace Hash, IP and Port with your values)
PS C:\ WINDOWS \ system32> $ certHash ="A1D ... B672E"
PS C:\WINDOWS\system32> $certHash = "A1D...B672E"
PS C:\ WINDOWS \ system32> $ ip ="0.0.0.0"
PS C:\WINDOWS\system32> $ip = "0.0.0.0"
PS C:\ WINDOWS \ system32> $ port ="5050"
PS C:\WINDOWS\system32> $port = "5050"
PS C:\ WINDOWS \ system32>"http add sslcert ipport = $($ ip):$ portcerthash = $ certHash appid = {$ guid}"| netsh
PS C:\WINDOWS\system32> "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh
您完成了.
对于Windows 7
将证书添加到Windows证书存储区(注意:请使用.pem文件进行此操作,因为certutil似乎不支持.p12文件)
Add Certificate to Windows Cert Store (note: use .pem file for this operation, because .p12 file seems to be not supported from certutil)
如果他的行抛出以下错误:
If his line throws the following error:
您必须手动执行这些步骤(请在手动执行时插入.p12文件,而不是.pem):
You have to do the steps manually (please insert the .p12 file when doing it manually, not .pem) :
运行mmc.exe
-
转到文件"->添加/删除管理单元"
Go to File-> Add/Remove Snap-In
选择证书"管理单元.
选择计算机帐户
导航到:证书(本地计算机)\个人\证书
Navigate to: Certificates (Local Computer)\Personal\Certificates
右键单击证书"文件夹,然后选择所有任务"->导入".
Right click the Certificates folder and choose All Tasks -> Import.
按照向导说明选择证书.确保在向导过程中选中了导出复选框.
Follow the wizard instructions to select the certificate. Be sure you check the export checkbox during wizard.
要获取证书的哈希,请运行Internet Explorer,按Alt + X,然后转到Internet选项->内容->证书.搜索您的证书并阅读哈希.
To get the hash of yor certificate, run the Internet Explorer, press Alt + X and go to Internet Options -> Content -> Certificates. Search your certificate and read the hash.
现在您可以运行与Windows 8+相同的命令:
Now you can run the same commands as for Windows 8+:
安装证书(用您的值替换哈希,IP和端口)
Install certificate (replace Hash, IP and Port with your values)
PS C:\ WINDOWS \ system32> $ certHash ="A1D ... B672E"
PS C:\WINDOWS\system32> $certHash = "A1D...B672E"
PS C:\ WINDOWS \ system32> $ ip ="0.0.0.0"
PS C:\WINDOWS\system32> $ip = "0.0.0.0"
PS C:\ WINDOWS \ system32> $ port ="5050"
PS C:\WINDOWS\system32> $port = "5050"
PS C:\ WINDOWS \ system32>"http add sslcert ipport = $($ ip):$ portcerthash = $ certHash appid = {$ guid}"| netsh
PS C:\WINDOWS\system32> "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh
编辑您的代码
毕竟,您必须将UrlPrefixes设置为https.因此,在您的Program.cs文件中,您需要具备以下条件:
Edit your Code
After all, you have to set the UrlPrefixes to https. So in your Program.cs file you need to have:
var host = WebHost.CreateDefaultBuilder(args)
.UseContentRoot(pathToContentRoot)
.UseHttpSys(options =>
{
options.Authentication.Schemes = AuthenticationSchemes.None;
options.Authentication.AllowAnonymous = true;
options.MaxConnections = null;
options.MaxRequestBodySize = 30000000;
options.UrlPrefixes.Add("https://*:5050");
})
.UseStartup<Startup>()
.UseApplicationInsights()
.Build();
这篇关于如何使用自托管的ASP.NET Core 2应用程序(httpsys)进行HTTPS(SSL)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!