UWP上的证书固定 [英] Certificate Pinning on UWP
问题描述
我们有一个Xamarin.Forms
项目,当前使用.NET Standard 2.0为共享项目为Android
,iOS
和UWP
进行编译.
We have a Xamarin.Forms
project that is currently compiled for Android
, iOS
and UWP
using .NET Standard 2.0 for the shared project.
通信是通过WCF
服务合同进行的.
The communications is performed through a WCF
Service Contract.
为了固定证书,我们根据示例实现了以下代码.确保在项目属性下使用必需的HttpClient
实现后,此方法在Android
和iOS
上可以正常使用.
In order to pin the certificate we implemented the following code as per examples. This works correctly on Android
and iOS
after making sure that are using the necessary HttpClient
implementations under their project properties.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
private bool ValidateServerCertificate(object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
// Make sure we have a certificate to check.
if (certificate == null)
{
return false;
}
if (sslPolicyErrors != SslPolicyErrors.None)
{
return false;
}
return this.KnownKeys.Contains(certificate.GetCertHashString(),
StringComparer.Ordinal);
}
UWP
但是事实证明它很顽固.我无法在通讯的任何阶段触发回调.
UWP
however is proving to be rather stubborn. I am unable to get the callback to fire at any stage of the communications.
我还研究了实现我们自己的X509CertificateValidator
并将其提供给WCF
配置,但这也无济于事.
I have also looked in to implementing our own X509CertificateValidator
and supplying it to the WCF
config however that also does nothing.
问题
- 我是否需要/可以在
UWP
下指定HttpClient
实现,就像可以解决Android
和iOS
那样? - 我目前还缺少另一种方法吗?
- Do I need to/Am I able to specify a
HttpClient
implementation underUWP
much like you can forAndroid
andiOS
that will fix this? - Is there another approach that I am currently missing?
推荐答案
我建议您使用您的UWP应用中的Windows.Web.Http命名空间.使用 HttpBaseProtocolFilter 实例,可以订阅 HttpBaseProtocolFilter.ServerCustomValidationRequested 事件.在此事件处理程序中,您可以执行服务器SSL证书的额外验证(除操作系统默认设置外).
I would suggest you to use the HttpBaseProtocolFilter Class in the Windows.Web.Http Namespace in you UWP app. With the HttpBaseProtocolFilter instance, you can subscribe HttpBaseProtocolFilter.ServerCustomValidationRequested event. In this event handler, you can perform extra validation (in addition to the OS default) of the server SSL certificate.
这篇关于UWP上的证书固定的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!