问题描述
我在个人下安装了一个证书,以及受信任的根证书颁发机构
I have a certificate installed under Personal as well as Trusted Root Certification Authorities
尝试使用以下代码将其发布到端点:
Have tried using this bit of code to post to an endpoint:
public void Post()
{
try
{
var clientCert = LoadFromStore("MyThumbprint");
var requestHandler = new WebRequestHandler();
requestHandler.ClientCertificates.Add(clientCert);
var client = new HttpClient(requestHandler)
{
BaseAddress = new Uri("https://localhost:44430/")
};
var response = client.GetAsync("api/test").Result;
response.EnsureSuccessStatusCode();
string responseContent = response.Content.ReadAsStringAsync().Result;
Console.WriteLine(responseContent);
}
catch (Exception ex)
{
Console.WriteLine("Exception while executing the test code: {0}", ex.Message);
}
}
经检查, .ClientCertificate 属性始终为空.
Upon inspection the .ClientCertificate property is always null.
[Route("api/[controller]")]
public class TestController : Controller
{
[HttpGet]
public ActionResult<IEnumerable<string>> Get()
{
var clientCertInRequest = Request.HttpContext.Connection.ClientCertificate;
if (clientCertInRequest != null) return Ok();
return BadRequest("No certificate found");
}
}
想知道是否有人曾经遇到过此问题,或者是否知道将证书发布到webapi端点并能够检索和验证的方法?
Wondering if anyone has come across this issue before or know a way around posting a certificate to webapi endpoint and be able to retrieve and validate?
非常感谢
推荐答案
您必须知道,响应证书在服务器端取决于证书类型/证书内容.当我推送自签名证书(在IIS中本地生成)时,我遇到了同样的问题:请求证书的服务器上始终为null.但是当我按链层次结构推送普通(公共)证书时,我很惊讶,因为我收到了证书!
You must know, that on server-side in response certificate is depends on certificate type / certificate content.I had same issue, when I pushed self-signed certificate (generated locally in IIS): on server in request certificate was always null.But when I pushed normal (public) certificate, with chain hierarchy - I was surprised cause I received certificate!!
因此,我建议您首次在免费的证书授权中心生成公共证书,例如 https://www.sslforfree.com/
So I recommend to generate public certificate for the first time at free Certificate authorized centers, such as https://www.sslforfree.com/
我也建议您查看 System.Security.Cryptography.X509Certificates.x509certificate2 和其他类!
Also I recommend you to look at MS source mode of System.Security.Cryptography.X509Certificates.x509certificate2 and other classes!
这篇关于客户端证书始终为空的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!