如何使用自托管的ASP.NET Core 2应用程序(httpsys)进行HTTPS(SSL) [英] How to HTTPS (SSL) with self-hosted ASP.NET Core 2 app (httpsys)

问题描述

我写了一个小ASP.NET Core 2应用程序.它作为服务运行，因此没有IIS.它可以在装有Windows 7 SP1的PC上运行.

I wrote a little ASP.NET Core 2 application. It runs as a service, so no IIS. It runs on a PC with Windows 7 SP1.

var host = WebHost.CreateDefaultBuilder(args)
            .UseContentRoot(pathToContentRoot)
            .UseHttpSys(options =>
            {
                options.Authentication.Schemes = AuthenticationSchemes.None;
                options.Authentication.AllowAnonymous = true;
                options.MaxConnections = null;
                options.MaxRequestBodySize = 30000000;
                options.UrlPrefixes.Add("http://*:5050");
            })
            .UseStartup<Startup>()
            .UseApplicationInsights()
            .Build();

if (isService)
{
    host.RunAsService();
}
else
{
    host.Run();
} 

如您所见，我想在端口5050上侦听.在没有SSL的情况下，它可以正常工作.

As you can see, I want to listen on port 5050. This is working fine without SSL.

我的问题是，如何为我的应用程序启用https?再次:没有IIS，没有域名(没有Internet连接).通信仅在内部网络内部进行，因此我想使用自签名证书.

My question is, how can I enable https for my application? Again: No IIS, no Domain-Name (no internet connection). Communication is just inside the internal network, so I want to use a self-signed certificate.

我阅读了文档( HTTP.sys文档; New-SelfSignedCertificate )，但总有一些与我的情况有所不同(它们使用Krestel，或者用于IIS).另外，我不知道如何为我的应用程序获取应用程序ID(netsh所需).我尝试过:StackOverflow获取GUID ，但不起作用.

I read the documentation (HTTP.sys documentation;Netsh Commands;New-SelfSignedCertificate), but there is always something different to my situation (they use Krestel, or it is for using IIS). Also, I dont know how to get the App-ID (needed for netsh) for my Application. I tryed this: StackOverflow Get GUID but it doesn't work.

var assembly = typeof(Program).Assembly;

// following line produces: System.IndexOutOfRangeException
var attribute = (GuidAttribute)assembly.GetCustomAttributes(typeof(GuidAttribute), true)[0];

var id = attribute.Value;
Console.WriteLine(id);

所以我对所有可能和不同的配置感到困惑.而且文档不考虑我的具体情况.

So I am a bit confused about all the possabilitys and different configurations. And the docs don't consider my specific case.

我创建了一个证书，我想我需要将其存储在我的"商店中.(那是哪里?cert:\ LocalMachine \ My)然后我需要为其分配我的Applicaion ID和端口.

I created a certificate, and I guess I need to store it on the "my" Store. (Where is that? cert:\LocalMachine\My) And then I need to assign my Applicaion ID and Port to it.

但是我不知道该怎么做.有人可以帮忙吗?

But I have no idea how to do that exactly. Can anyone help?

推荐答案

所以我通过以下方式解决了这个问题:

So I solve the problem in the following way:

首先，如果您想知道自己的GUID，将使用以下代码获取它:

First, if you want to know your own GUID, you will get it with the following code:

var id = typeof(RuntimeEnvironment).GetTypeInfo().Assembly.GetCustomAttribute<GuidAttribute>().Value;

创建自签名证书

现在创建一个SelfSigned-Certificate(如果您已经拥有或购买了，请跳过此步骤)

Create a SelfSigned Certificate

Now create a SelfSigned-Certificate (Skip this if you already got one, or purchased one)

1. 运行以下OpenSSL命令以生成您的私钥和公共证书.回答问题，并在出现提示时输入通用名称.

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

1. 在PKCS#12(P12)软件包中组合密钥和证书:

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

在客户端上安装证书:

对于Windows 8和更高版本:

使用 PowerShell

PS C:> $ certpwd = ConvertTo-SecureString -String"passwort" -Force –AsPlainText

PS C:> $certpwd = ConvertTo-SecureString -String "passwort" -Force –AsPlainText

PS C:> Import-PfxCertificate –FilePath D:\ data \ cert \ certificate.p12 cert:\ localMachine \ my -Password $ certpwd

PS C:> Import-PfxCertificate –FilePath D:\data\cert\certificate.p12 cert:\localMachine\my -Password $certpwd

获取证书的指纹(哈希)

Get Fingerprint (Hash) of certificate

PS C:\ WINDOWS \ system32> dir证书:\ LocalMachine \ my

PS C:\WINDOWS\system32> dir Cert:\LocalMachine\my

安装证书(用您的值替换哈希，IP和端口)

Install certificate (replace Hash, IP and Port with your values)

PS C:\ WINDOWS \ system32> $ guid = [guid] :: NewGuid()

PS C:\WINDOWS\system32> $guid = [guid]::NewGuid()

PS C:\ WINDOWS \ system32> $ certHash ="A1D ... B672E"

PS C:\WINDOWS\system32> $certHash = "A1D...B672E"

PS C:\ WINDOWS \ system32> $ ip ="0.0.0.0"

PS C:\WINDOWS\system32> $ip = "0.0.0.0"

PS C:\ WINDOWS \ system32> $ port ="5050"

PS C:\WINDOWS\system32> $port = "5050"

PS C:\ WINDOWS \ system32>"http add sslcert ipport = $($ ip):$ portcerthash = $ certHash appid = {$ guid}"| netsh

PS C:\WINDOWS\system32> "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh

您完成了.

对于Windows 7

将证书添加到Windows证书存储区(注意:请使用.pem文件进行此操作，因为certutil似乎不支持.p12文件)

Add Certificate to Windows Cert Store (note: use .pem file for this operation, because .p12 file seems to be not supported from certutil)

.\ certutil.exe -addstore -enterprise -f"Root" C:\ lwe \ cert \ certificate.pem

.\certutil.exe -addstore -enterprise -f "Root" C:\lwe\cert\certificate.pem

如果他的行抛出以下错误:

If his line throws the following error:

SSL证书添加失败，错误1312指定的登录会话不存在.它可能已经终止了.

SSL Certificate add failed, Error 1312 A specified logon session does not exist. It may already have been terminated.

您必须手动执行这些步骤(请在手动执行时插入.p12文件，而不是.pem):

You have to do the steps manually (please insert the .p12 file when doing it manually, not .pem) :

运行mmc.exe

• 转到文件"->添加/删除管理单元"

• Go to File-> Add/Remove Snap-In

选择证书"管理单元.

选择计算机帐户

导航到:证书(本地计算机)\个人\证书

Navigate to: Certificates (Local Computer)\Personal\Certificates

右键单击证书"文件夹，然后选择所有任务"->导入".

Right click the Certificates folder and choose All Tasks -> Import.

按照向导说明选择证书.确保在向导过程中选中了导出复选框.

Follow the wizard instructions to select the certificate. Be sure you check the export checkbox during wizard.

要获取证书的哈希，请运行Internet Explorer，按Alt + X，然后转到Internet选项->内容->证书.搜索您的证书并阅读哈希.

To get the hash of yor certificate, run the Internet Explorer, press Alt + X and go to Internet Options -> Content -> Certificates. Search your certificate and read the hash.

现在您可以运行与Windows 8+相同的命令:

Now you can run the same commands as for Windows 8+:

安装证书(用您的值替换哈希，IP和端口)

Install certificate (replace Hash, IP and Port with your values)

PS C:\ WINDOWS \ system32> $ guid = [guid] :: NewGuid()

PS C:\WINDOWS\system32> $guid = [guid]::NewGuid()

PS C:\ WINDOWS \ system32> $ certHash ="A1D ... B672E"

PS C:\WINDOWS\system32> $certHash = "A1D...B672E"

PS C:\ WINDOWS \ system32> $ ip ="0.0.0.0"

PS C:\WINDOWS\system32> $ip = "0.0.0.0"

PS C:\ WINDOWS \ system32> $ port ="5050"

PS C:\WINDOWS\system32> $port = "5050"

PS C:\ WINDOWS \ system32>"http add sslcert ipport = $($ ip):$ portcerthash = $ certHash appid = {$ guid}"| netsh

PS C:\WINDOWS\system32> "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh

编辑您的代码

毕竟，您必须将UrlPrefixes设置为https.因此，在您的Program.cs文件中，您需要具备以下条件:

Edit your Code

After all, you have to set the UrlPrefixes to https. So in your Program.cs file you need to have:

var host = WebHost.CreateDefaultBuilder(args)
            .UseContentRoot(pathToContentRoot)
            .UseHttpSys(options =>
            {
                options.Authentication.Schemes = AuthenticationSchemes.None;
                options.Authentication.AllowAnonymous = true;
                options.MaxConnections = null;
                options.MaxRequestBodySize = 30000000;
                options.UrlPrefixes.Add("https://*:5050");
            })
            .UseStartup<Startup>()
            .UseApplicationInsights()
            .Build();

这篇关于如何使用自托管的ASP.NET Core 2应用程序(httpsys)进行HTTPS(SSL)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！