How to get the X509Certificate from a client request


Problem description

I have a web-service which I secured using certificates. Now, I want to identify the client by looking at the certificate thumbprint. This means that I have a list of thumbprints on my service somewhere that are linked to some user.

Actually, my first question (a little off-topic) is: is this a good approach or should I still introduce some username password construction?

Second question is: how can I get the certificate that the client used to connect to the web-service so I can read the thumbprint at the service side.

I did read a lot about it (like this post: How do I get the X509Certificate sent from the client in web service?) but could not find an answer.

I have no HTTPContext, so that is not an option. In the post mentioned above is spoken about Context.Request.ClientCertificate.Certificate but I guess they mean the HTTPContext there as well. Also adding <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> to the web.config is also not an option.

Solution

This is how we do this in the constructor of our webservice:

// Requires: using System.IdentityModel.Claims; using System.Security; using System.ServiceModel;
var claimSets = OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets;

if (claimSets == null)
    throw new SecurityException("No claimset service configured wrong");

if (claimSets.Count <= 0)
    throw new SecurityException("No claimset service configured wrong");

// Assumes the first claim set is the one built from the client's X.509 certificate
var cert = ((X509CertificateClaimSet)claimSets[0]).X509Certificate;

// this contains the thumbprint
string thumbprint = cert.Thumbprint;
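
An added example, not part of the original answer: it combines the claim-set lookup above with the thumbprint-to-user list the question describes, searching every claim set instead of assuming index 0. The class and method names and the sample thumbprints are hypothetical, and it assumes the binding already requires and validates the client certificate.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Linq;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

public static class ClientCertificateIdentity
{
    // Constructed sample mapping (thumbprint -> user); placeholder values, not real certificates.
    private static readonly Dictionary<string, string> UsersByThumbprint =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "0000000000000000000000000000000000000001", "alice" },
            { "0000000000000000000000000000000000000002", "bob" },
        };

    // Thumbprints pasted from certificate dialogs often carry spaces or
    // invisible characters, so keep the hex digits only before comparing.
    public static string Normalize(string thumbprint)
    {
        return new string((thumbprint ?? string.Empty).Where(Uri.IsHexDigit).ToArray())
            .ToUpperInvariant();
    }

    public static X509Certificate2 GetClientCertificate()
    {
        var context = OperationContext.Current;
        var security = context == null ? null : context.ServiceSecurityContext;
        if (security == null || security.AuthorizationContext == null)
            throw new SecurityException("No security context for this call.");

        // Look through all claim sets rather than casting ClaimSets[0] blindly.
        var claimSet = security.AuthorizationContext.ClaimSets
            .OfType<X509CertificateClaimSet>()
            .FirstOrDefault();
        if (claimSet == null)
            throw new SecurityException("No X.509 client certificate was presented.");
        return claimSet.X509Certificate;
    }

    public static string ResolveUser()
    {
        string user;
        var key = Normalize(GetClientCertificate().Thumbprint);
        if (!UsersByThumbprint.TryGetValue(key, out user))
            throw new SecurityException("Client certificate is not mapped to a user.");
        return user;
    }
}
```

Unknown thumbprints are rejected rather than falling back to a default user, so a certificate that chains to a trusted CA but is not in the list still fails.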
