How to get the X509Certificate from a client request
Problem description
I have a web-service which I secured using certificates. Now, I want to identify the client by looking at the certificate thumbprint. This means that I have a list of thumbprints on my service somewhere that are linked to some user.
Actually, my first question (a little off-topic) is: is this a good approach or should I still introduce some username password construction?
Second question is: how can I get the certificate that the client used to connect to the web-service so I can read the thumbprint at the service side.
I did read a lot about it (like this post: How do I get the X509Certificate sent from the client in web service?) but could not find an answer.
I have no HTTPContext, so that is not an option. The post mentioned above talks about Context.Request.ClientCertificate.Certificate, but I guess they mean the HTTPContext there as well. Also, adding <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> to the web.config is not an option either.
Recommended answer
This is how we do this in the constructor of our webservice:
    // Requires: using System.Security; using System.ServiceModel; using System.IdentityModel.Claims;
    var claimSets = OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets;

    // No claim sets at all means the service security is not configured as expected.
    if (claimSets == null || claimSets.Count <= 0)
        throw new SecurityException("No claimset service configured wrong");

    // The first claim set carries the client certificate.
    var cert = ((X509CertificateClaimSet)claimSets[0]).X509Certificate;

    // this contains the thumbprint
    string thumbprint = cert.Thumbprint;
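
The thumbprint-to-user lookup the question describes, as an added example that is not part of the original answer. The class name, the method names and the thumbprint/user pair are hypothetical, and it assumes the WCF binding already requires and validates a client certificate.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Linq;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical helper: maps the caller's certificate thumbprint to a user name.
public static class ClientCertificateIdentity
{
    // Constructed sample entry; a real service would load this list from
    // configuration or a database.
    private static readonly Dictionary<string, string> UsersByThumbprint =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { Normalize("00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"), "alice" },
        };

    // Thumbprints copied from a certificate dialog often carry spaces or
    // invisible characters, so keep only the hex digits before comparing.
    public static string Normalize(string thumbprint)
    {
        return new string((thumbprint ?? "").Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
    }

    public static X509Certificate2 GetCallerCertificate()
    {
        var security = OperationContext.Current?.ServiceSecurityContext;
        var claimSets = security?.AuthorizationContext?.ClaimSets;
        // Search every claim set rather than assuming index 0 is the certificate.
        var certClaims = claimSets?.OfType<X509CertificateClaimSet>().FirstOrDefault();
        if (certClaims == null)
            throw new SecurityException("No client certificate claim set found.");
        return certClaims.X509Certificate;
    }

    public static string ResolveUser()
    {
        string thumbprint = Normalize(GetCallerCertificate().Thumbprint);
        // Fail closed: an unknown certificate is rejected, never mapped to a default user.
        if (!UsersByThumbprint.TryGetValue(thumbprint, out string user))
            throw new SecurityException("Client certificate is not mapped to a user.");
        return user;
    }
}
```

ResolveUser() only works inside a service operation, where OperationContext.Current is set.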