如何从客户端请求中获取 X509Certificate [英] How to get the X509Certificate from a client request

问题描述

我有一个使用证书保护的网络服务.现在，我想通过查看证书指纹来识别客户端.这意味着我在某处的服务上有一个与某个用户相关联的指纹列表.

I have a web-service which I secured using certificates. Now, I want to identify the client by looking at the certificate thumbprint. This means that I have a list of thumbprints on my service somewhere that are linked to some user.

实际上，我的第一个问题(有点跑题)是:这是一个好方法还是我仍然应该引入一些用户名密码构造?

Actually, my first question (a little off-topic) is: is this a good approach or should I still introduce some username password construction?

第二个问题是:如何获取客户端用于连接到 Web 服务的证书，以便我可以在服务端读取指纹.

Second question is: how can I get the certificate that the client used to connect to the web-service so I can read the thumbprint at the service side.

我确实阅读了很多相关内容(例如这篇文章:如何从 Web 服务中的客户端获取 X509Certificate?) 但找不到答案.

I did read a lot about it (like this post:How do I get the X509Certificate sent from the client in web service?) but could not find an answer.

我没有 HTTPContext，所以这不是一个选项.在上面提到的帖子中谈到了 Context.Request.ClientCertificate.Certificate 但我猜他们也指的是那里的 HTTPContext.另外将 <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/> 添加到 web.config 也不是一个选项.

I have no HTTPContext, so that is not an option. In the post mentioned above is spoken about Context.Request.ClientCertificate.Certificate but I guess they mean the HTTPContext there as well. Also adding <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> to the web.config is also not an option.

推荐答案

这就是我们在 webservice 的构造函数中这样做的方式:

this is how we do this in the constructor of our webservice:

if (OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets == null)
    throw new SecurityException ("No claimset service configured wrong");

if (OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets.Count <= 0)
    throw new SecurityException ("No claimset service configured wrong");


var cert = ((X509CertificateClaimSet) OperationContext.Current.ServiceSecurityContext.
            AuthorizationContext.ClaimSets[0]).X509Certificate;

//this contains the thumbprint
cert.Thumbprint

这篇关于如何从客户端请求中获取 X509Certificate的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！