How to send a client certificate with HttpWebRequest and IISExpress for debugging

Problem description:

I have some code for pulling a client certificate from the page request. This is the code in "MyPage.aspx".

string someparam = this.Request.Params["someparam"];
if (!String.IsNullOrWhiteSpace(someparam) && this.Page.Request.ClientCertificate.IsPresent)
{
    try
    {
        X509Certificate2 x509Cert2 = new X509Certificate2(this.Page.Request.ClientCertificate.Certificate);
        //
        // Code for verifying the x509Cert2
        //
    }
    catch (Exception) { }
}

Now I want to test the code in Visual Studio in my local environment. For this I installed IISExpress to get trusted communication over https. So far so good. The problem is that my test code for sending a client certificate does not seem to work. ClientCertificate.IsPresent = false at the server.

Below is the test code. The certificate is a .pfx-file.

var request = (HttpWebRequest)WebRequest.Create("https://localhost:44300/MyPage.aspx?someparam=222");
request.Method = "POST";

X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindBySerialNumber, "XXXTHESERIALNUMBERXXX", true);
X509Certificate2 certFromStore = col[0]; // declare the variable; the original snippet used it undeclared
store.Close();
request.ClientCertificates.Add(certFromStore);

HttpWebResponse reqWebResponse = (HttpWebResponse)request.GetResponse();
StreamReader reqResponseStream = new StreamReader(reqWebResponse.GetResponseStream(), Encoding.UTF8);

String resultHtml = reqResponseStream.ReadToEnd();

reqWebResponse.Close();
reqResponseStream.Close();

I get no errors when running the test code. The certificate is loaded correctly from the store and successfully added to request.ClientCertificates collection. But in MyPage.aspx no certificate can be pulled from the page request.

Does anyone have an idea of what I'm missing?

You need to specify parameters in the config file for the IIS Express instance, located at
C:\Users\[username]\Documents\IISExpress\config\applicationhost.config

You should look for the security element.

The element iisClientCertificateMappingAuthentication controls whether the IIS server would accept client certificates. Setting the attribute enabled to true does this:

<iisClientCertificateMappingAuthentication enabled="true" />

The access element controls how to handle access. The sslFlags attribute controls how the client certificate would be treated. For some reason, the only way I've got the IIS to actually pass a certificate to the request is by setting the sslFlags to the value SslNegotiateCert as:

<access sslFlags="SslNegotiateCert" />
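
One way to confirm that both settings from the answer are in effect for a site is to read them back out of applicationhost.config. The script below is an added example, not code from the original post. The site name MySite and the sample XML are constructed, and the nesting under system.webServer/security is assumed from the standard IIS configuration schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like an IIS Express applicationhost.config.
# "MySite" is a placeholder site name, not a value from the page.
SAMPLE_CONFIG = """\
<configuration>
  <system.webServer>
    <security>
      <access sslFlags="None" />
      <authentication>
        <iisClientCertificateMappingAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
  <location path="MySite">
    <system.webServer>
      <security>
        <access sslFlags="SslNegotiateCert" />
        <authentication>
          <iisClientCertificateMappingAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
"""

def client_cert_settings(config_xml):
    """Map each scope to (sslFlags set, mapping auth enabled, negotiates cert)."""
    root = ET.fromstring(config_xml)
    # The server-wide section first, then every per-site <location> override.
    scopes = [("(server default)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.findall("location")]
    result = {}
    for name, node in scopes:
        sec = node.find("system.webServer/security")
        if sec is None:
            continue  # this scope does not configure security at all
        access = sec.find("access")
        raw = access.get("sslFlags", "None") if access is not None else "None"
        flags = {f.strip() for f in raw.split(",")}  # sslFlags is comma-separated
        auth = sec.find("authentication/iisClientCertificateMappingAuthentication")
        enabled = auth is not None and auth.get("enabled", "false").lower() == "true"
        result[name] = (flags, enabled, "SslNegotiateCert" in flags)
    return result

if __name__ == "__main__":
    for scope, (flags, enabled, negotiates) in client_cert_settings(SAMPLE_CONFIG).items():
        print(f"{scope}: sslFlags={sorted(flags)} mappingAuth={enabled} negotiatesCert={negotiates}")
```

SslNegotiateCert asks the client for a certificate without requiring one, so the ClientCertificate.IsPresent check and the certificate verification in MyPage.aspx remain the actual access control.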