您的位置: 首页  >  技术问答  >  如何在.Net Core 3.1中的OpenId连接时禁用ssl证书验证?

如何在.Net Core 3.1中的OpenId连接时禁用ssl证书验证?

分类: 技术问答 2022-05-05 11:59:41
问题描述:

我正在尝试在开发环境中使用其IP地址连接到开放ID颁发机构.显然,在这种情况下,ssl验证将失败.我想绕过它,到目前为止没有任何运气.我找到了有关该主题的以下答案:

I'm trying to connect in a development environment to a open id authority with it's ip address. Obviously in this scenario the ssl validation will fail. I'd like to bypass it, without any luck so far. I've found the following answers regarding this topic:

  • 在OpenIdConnectOptions类中将RequireHttpsMetadata设置为false.
  • 使用以下代码:

ServicePointManager.ServerCertificateValidationCallback + =(发件人,证书,链条,sslPolicyErrors)=>真的;

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

当我的应用尝试访问oidc授权时,我收到相同的错误:

When my app tries to access the oidc authority I recieve the same error:

处理请求时发生未处理的异常.AuthenticationException:远程证书无效,具体取决于验证程序.System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken消息,AsyncProtocolRequest asyncRequest,ExceptionDispatchInfo例外)

An unhandled exception occurred while processing the request. AuthenticationException: The remote certificate is invalid according to the validation procedure. System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)

HttpRequestException:无法建立SSL连接,请参阅内部异常.System.Net.Http.ConnectHelper.EstablishmentSslConnectionAsyncCore(流流,SslClientAuthenticationOptions sslOptions,CancellationTokencancelToken)

HttpRequestException: The SSL connection could not be established, see inner exception. System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)

IOException:IDX20804:无法从以下位置检索文档:'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'.Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string地址,CancellationToken取消)

IOException: IDX20804: Unable to retrieve document from: 'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)

InvalidOperationException:IDX20803:无法获取配置从:'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'.Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken取消)

InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken cancel)

警告:仅在开发期间使用它.如果需要,您需要针对您的生产平台的自定义证书验证例程.

您可能已经重写了错误的HttpClientHandler.可以在此处覆盖用于OpenId Connect的反向通道HttpClient:

You might have overridden the wrong HttpClientHandler. Back-channel HttpClient for OpenId Connect can be overridden here:

services
    .AddAuthentication(options =>
    {
        ...
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        ...
        HttpClientHandler handler = new HttpClientHandler();
        handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
        options.BackchannelHttpHandler = handler;
    });

相关推荐