客户端证书始终为空 [英] Client certificate is always null

问题描述

我在个人下安装了一个证书，以及受信任的根证书颁发机构

I have a certificate installed under Personal as well as Trusted Root Certification Authorities

尝试使用以下代码将其发布到端点:

Have tried using this bit of code to post to an endpoint:

public void Post()
    {
        try
        {
            var clientCert = LoadFromStore("MyThumbprint");
            var requestHandler = new WebRequestHandler();

            requestHandler.ClientCertificates.Add(clientCert);

            var client = new HttpClient(requestHandler)
            {
                BaseAddress = new Uri("https://localhost:44430/")
            };

            var response = client.GetAsync("api/test").Result;
            response.EnsureSuccessStatusCode();

            string responseContent = response.Content.ReadAsStringAsync().Result;
            Console.WriteLine(responseContent);
        }
        catch (Exception ex)
        {
            Console.WriteLine("Exception while executing the test code: {0}", ex.Message);
        }
    }

经检查， .ClientCertificate 属性始终为空.

Upon inspection the .ClientCertificate property is always null.

 [Route("api/[controller]")]
public class TestController : Controller
{
    [HttpGet]
    public ActionResult<IEnumerable<string>> Get()
    {
        var clientCertInRequest = Request.HttpContext.Connection.ClientCertificate;
        if (clientCertInRequest != null) return Ok();

        return BadRequest("No certificate found");
    }

}

想知道是否有人曾经遇到过此问题，或者是否知道将证书发布到webapi端点并能够检索和验证的方法?

Wondering if anyone has come across this issue before or know a way around posting a certificate to webapi endpoint and be able to retrieve and validate?

非常感谢

推荐答案

您必须知道，响应证书在服务器端取决于证书类型/证书内容. 当我推送自签名证书(在IIS中本地生成)时，我遇到了同样的问题:请求证书的服务器上始终为null. 但是当我按链层次结构推送普通(公共)证书时，我很惊讶，因为我收到了证书！

You must know, that on server-side in response certificate is depends on certificate type / certificate content. I had same issue, when I pushed self-signed certificate (generated locally in IIS): on server in request certificate was always null. But when I pushed normal (public) certificate, with chain hierarchy - I was surprised cause I received certificate!!

• IIS自签名证书的示例

因此，我建议您首次在免费的证书授权中心生成公共证书，例如

So I recommend to generate public certificate for the first time at free Certificate authorized centers, such as https://www.sslforfree.com/

• 当前站点的证明示例

我也建议您查看

Also I recommend you to look at MS source mode of System.Security.Cryptography.X509Certificates.x509certificate2 and other classes!

这篇关于客户端证书始终为空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！