如何从客户端请求的X509证书 [英] How to get the X509Certificate from a client request
问题描述
我有一个Web服务,我保证使用证书。
现在,我想通过查看证书指纹来识别客户端。这意味着我必须链接到一些用户对我的服务的地方指纹的列表。
其实,我的第一个问题(有点偏离主题)是:这是一个很好的方法,或者我应该还是介绍一些用户名密码建</ p>?
第二个问题是:我怎样才能得到所使用的客户端连接到Web服务,所以我可以在阅读服务端的指纹证书
我也读了很多关于它(喜欢这个岗位?我如何X509证书从客户端的Web服务发送),但找不到答案。
我没有HttpContext的,所以这是不是一种选择。在上面提到的职位是谈到 Context.Request.ClientCertificate.Certificate
,但我猜他们的意思是的HttpContext
那里好。还加入&LT; serviceHostingEnvironment aspNetCompatibilityEnabled =真/方式&gt;
到Web.config也不能选择
这是我们如何在Web服务的构造函数中做到这一点:
如果(OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets == NULL)
抛出新SecurityException异常(配置错误没有claimset服务);如果(OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets.Count&下; = 0)
抛出新SecurityException异常(配置错误没有claimset服务);
VAR证书=((X509CertificateClaimSet)OperationContext.Current.ServiceSecurityContext。
AuthorizationContext.ClaimSets [0])x509证书。//这包含了指纹
cert.Thumbprint
I have a web-service which I secured using certificates. Now, I want to identify the client by looking at the certificate thumbprint. This means that I have a list of thumbprints on my service somewhere that are linked to some user.
Actually, my first question (a little off-topic) is: is this a good approach or should I still introduce some username password construction?
Second question is: how can I get the certificate that the client used to connect to the web-service so I can read the thumbprint at the service side.
I did read a lot about it (like this post:How do I get the X509Certificate sent from the client in web service?) but could not find an answer.
I have no HTTPContext, so that is not an option. In the post mentioned above is spoken about Context.Request.ClientCertificate.Certificate
but I guess they mean the HTTPContext
there as well. Also adding <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
to the web.config is also not an option.
this is how we do this in the constructor of our webservice:
if (OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets == null)
throw new SecurityException ("No claimset service configured wrong");
if (OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets.Count <= 0)
throw new SecurityException ("No claimset service configured wrong");
var cert = ((X509CertificateClaimSet) OperationContext.Current.ServiceSecurityContext.
AuthorizationContext.ClaimSets[0]).X509Certificate;
//this contains the thumbprint
cert.Thumbprint
这篇关于如何从客户端请求的X509证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!