如何使用自托管 ASP.NET Core 2 应用程序 (httpsys) 进行 HTTPS (SSL) [英] How to HTTPS (SSL) with self-hosted ASP.NET Core 2 app (httpsys)
问题描述
我写了一个小的 ASP.NET Core 2 应用程序.它作为服务运行,因此没有 IIS.它在装有 Windows 7 SP1 的 PC 上运行.
var host = WebHost.CreateDefaultBuilder(args).UseContentRoot(pathToContentRoot).UseHttpSys(选项 =>{options.Authentication.Schemes = AuthenticationSchemes.None;options.Authentication.AllowAnonymous = true;选项.MaxConnections = null;选项.MaxRequestBodySize = 30000000;options.UrlPrefixes.Add("http://*:5050");}).UseStartup<启动>().UseApplicationInsights().建造();如果(是服务){主机.RunAsService();}别的{主机.运行();}如您所见,我想在端口 5050 上监听.没有 SSL 也可以正常工作.
我的问题是,如何为我的应用程序启用 https?再次:没有 IIS,没有域名(没有互联网连接).通信只是在内部网络内部,所以我想使用自签名证书.
我阅读了文档(HTTP.sys 文档;Netsh 命令;New-SelfSignedCertificate),但我的情况总是有所不同(他们使用 Krestel,或者是使用 IIS).另外,我不知道如何为我的应用程序获取 App-ID(netsh 需要).我试过这个:StackOverflow 获取 GUID 但它不起作用.
var assembly = typeof(Program).Assembly;//以下行产生:System.IndexOutOfRangeExceptionvar 属性 = (GuidAttribute)assembly.GetCustomAttributes(typeof(GuidAttribute), true)[0];var id = 属性值;Console.WriteLine(id);所以我对所有的可能性和不同的配置有点困惑.而且文档没有考虑我的具体情况.
我创建了一个证书,我想我需要将它存储在我的"商店中.(那在哪里?cert:LocalMachineMy)然后我需要为其分配我的 Applicaion ID 和端口.
但我不知道该怎么做.有人可以帮忙吗?
所以我通过以下方式解决问题:
首先,如果您想知道自己的 GUID,您将通过以下代码获得它:
var id = typeof(RuntimeEnvironment).GetTypeInfo().Assembly.GetCustomAttribute().Value; 创建自签名证书
现在创建一个 SelfSigned-Certificate(如果您已经获得或购买了,请跳过此步骤)
- 运行以下 OpenSSL 命令以生成您的私钥和公共证书.回答问题并在出现提示时输入通用名称.
<块引用>
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
- 将您的密钥和证书组合到一个 PKCS#12 (P12) 捆绑包中:
<块引用>
openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
在客户端安装证书:
对于 Windows 8 及更高版本:
使用 PowerShell
将证书添加到 Windows Cert Store<块引用>PS C:> $certpwd = ConvertTo-SecureString -String "passwort" -Force –AsPlainText
PS C:> Import-PfxCertificate –FilePath D:datacertcertificate.p12 cert:localMachinemy -Password $certpwd
获取证书的指纹(哈希)
<块引用>PS C:WINDOWSsystem32> dir Cert:LocalMachinemy
安装证书(用您的值替换哈希、IP 和端口)
<块引用>PS C:WINDOWSsystem32> $guid = [guid]::NewGuid()
PS C:WINDOWSsystem32> $certHash =A1D...B672E"
PS C:WINDOWSsystem32> $ip = "0.0.0.0"
PS C:WINDOWSsystem32> $port = "5050"
PS C:WINDOWSsystem32> "http 添加 sslcert ipport=$($ip):$portcertash=$certHash appid={$guid}" | netsh
你已经完成了.
适用于 Windows 7
将证书添加到 Windows 证书存储(注意:此操作使用 .pem 文件,因为 certutil 似乎不支持 .p12 文件)
<块引用>.certutil.exe -addstore -enterprise -f "Root" C:lwecertcertificate.pem
如果他的行抛出以下错误:
<块引用>SSL 证书添加失败,错误 1312指定的登录会话不存在.它可能已经被终止了.
您必须手动执行这些步骤(手动执行时请插入 .p12 文件,而不是 .pem):
运行 mmc.exe
转到文件-> 添加/删除管理单元
选择证书管理单元.
选择计算机帐户
导航至:证书(本地计算机)个人证书
右键单击证书文件夹并选择所有任务 -> 导入.
按照向导说明选择证书.确保在向导期间选中导出复选框.
要获取您证书的哈希值,请运行 Internet Explorer,按 Alt + X 并转到 Internet 选项 -> 内容 -> 证书.搜索您的证书并读取哈希值.
现在您可以运行与 Windows 8+ 相同的命令:
安装证书(用您的值替换哈希、IP 和端口)
<块引用>PS C:WINDOWSsystem32> $guid = [guid]::NewGuid()
PS C:WINDOWSsystem32> $certHash =A1D...B672E"
PS C:WINDOWSsystem32> $ip = "0.0.0.0"
PS C:WINDOWSsystem32> $port = "5050"
PS C:WINDOWSsystem32> "http 添加 sslcert ipport=$($ip):$portcertash=$certHash appid={$guid}" | netsh
编辑您的代码
毕竟,您必须将 UrlPrefixes 设置为 https.因此,在您的 Program.cs 文件中,您需要:
var host = WebHost.CreateDefaultBuilder(args).UseContentRoot(pathToContentRoot).UseHttpSys(选项 =>{options.Authentication.Schemes = AuthenticationSchemes.None;options.Authentication.AllowAnonymous = true;选项.MaxConnections = null;选项.MaxRequestBodySize = 30000000;options.UrlPrefixes.Add("https://*:5050");}).UseStartup<启动>().UseApplicationInsights().建造();I wrote a little ASP.NET Core 2 application. It runs as a service, so no IIS. It runs on a PC with Windows 7 SP1.
var host = WebHost.CreateDefaultBuilder(args)
.UseContentRoot(pathToContentRoot)
.UseHttpSys(options =>
{
options.Authentication.Schemes = AuthenticationSchemes.None;
options.Authentication.AllowAnonymous = true;
options.MaxConnections = null;
options.MaxRequestBodySize = 30000000;
options.UrlPrefixes.Add("http://*:5050");
})
.UseStartup<Startup>()
.UseApplicationInsights()
.Build();
if (isService)
{
host.RunAsService();
}
else
{
host.Run();
}
As you can see, I want to listen on port 5050. This is working fine without SSL.
My question is, how can I enable https for my application? Again: No IIS, no Domain-Name (no internet connection). Communication is just inside the internal network, so I want to use a self-signed certificate.
I read the documentation (HTTP.sys documentation;Netsh Commands;New-SelfSignedCertificate), but there is always something different to my situation (they use Krestel, or it is for using IIS). Also, I dont know how to get the App-ID (needed for netsh) for my Application. I tryed this: StackOverflow Get GUID but it doesn't work.
var assembly = typeof(Program).Assembly;
// following line produces: System.IndexOutOfRangeException
var attribute = (GuidAttribute)assembly.GetCustomAttributes(typeof(GuidAttribute), true)[0];
var id = attribute.Value;
Console.WriteLine(id);
So I am a bit confused about all the possabilitys and different configurations. And the docs don't consider my specific case.
I created a certificate, and I guess I need to store it on the "my" Store. (Where is that? cert:LocalMachineMy) And then I need to assign my Applicaion ID and Port to it.
But I have no idea how to do that exactly. Can anyone help?
So I solve the problem in the following way:
First, if you want to know your own GUID, you will get it with the following code:
var id = typeof(RuntimeEnvironment).GetTypeInfo().Assembly.GetCustomAttribute<GuidAttribute>().Value;
Create a SelfSigned Certificate
Now create a SelfSigned-Certificate (Skip this if you already got one, or purchased one)
- Run the following OpenSSL command to generate your private key and public certificate. Answer the questions and enter the Common Name when prompted.
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
- Combine your key and certificate in a PKCS#12 (P12) bundle:
openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
Install the certificate on the client:
For Windows 8 and higher:
Add Certificate to Windows Cert Store with PowerShell
PS C:> $certpwd = ConvertTo-SecureString -String "passwort" -Force –AsPlainText
PS C:> Import-PfxCertificate –FilePath D:datacertcertificate.p12 cert:localMachinemy -Password $certpwd
Get Fingerprint (Hash) of certificate
PS C:WINDOWSsystem32> dir Cert:LocalMachinemy
Install certificate (replace Hash, IP and Port with your values)
PS C:WINDOWSsystem32> $guid = [guid]::NewGuid()
PS C:WINDOWSsystem32> $certHash = "A1D...B672E"
PS C:WINDOWSsystem32> $ip = "0.0.0.0"
PS C:WINDOWSsystem32> $port = "5050"
PS C:WINDOWSsystem32> "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh
You are done.
For Windows 7
Add Certificate to Windows Cert Store (note: use .pem file for this operation, because .p12 file seems to be not supported from certutil)
.certutil.exe -addstore -enterprise -f "Root" C:lwecertcertificate.pem
If his line throws the following error:
SSL Certificate add failed, Error 1312 A specified logon session does not exist. It may already have been terminated.
You have to do the steps manually (please insert the .p12 file when doing it manually, not .pem) :
Run mmc.exe
Go to File-> Add/Remove Snap-In
Choose the Certificates snap-in.
Select Computer Account
Navigate to: Certificates (Local Computer)PersonalCertificates
Right click the Certificates folder and choose All Tasks -> Import.
Follow the wizard instructions to select the certificate. Be sure you check the export checkbox during wizard.
To get the hash of yor certificate, run the Internet Explorer, press Alt + X and go to Internet Options -> Content -> Certificates. Search your certificate and read the hash.
Now you can run the same commands as for Windows 8+:
Install certificate (replace Hash, IP and Port with your values)
PS C:WINDOWSsystem32> $guid = [guid]::NewGuid()
PS C:WINDOWSsystem32> $certHash = "A1D...B672E"
PS C:WINDOWSsystem32> $ip = "0.0.0.0"
PS C:WINDOWSsystem32> $port = "5050"
PS C:WINDOWSsystem32> "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh
Edit your Code
After all, you have to set the UrlPrefixes to https. So in your Program.cs file you need to have:
var host = WebHost.CreateDefaultBuilder(args)
.UseContentRoot(pathToContentRoot)
.UseHttpSys(options =>
{
options.Authentication.Schemes = AuthenticationSchemes.None;
options.Authentication.AllowAnonymous = true;
options.MaxConnections = null;
options.MaxRequestBodySize = 30000000;
options.UrlPrefixes.Add("https://*:5050");
})
.UseStartup<Startup>()
.UseApplicationInsights()
.Build();
这篇关于如何使用自托管 ASP.NET Core 2 应用程序 (httpsys) 进行 HTTPS (SSL)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
