SSL客户端/服务器相互认证
您好我正在尝试在C#中使用服务器和客户端证书进行相互身份validation的ssl客户端/服务器通信。 设法只使用服务器证书进行ssl通信,在客户端我使用这样的:
TcpClient client = new TcpClient(machineName, port); //Create an SSL stream that will close the client's stream. SslStream sslStream = new SslStream( client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null ); try { // The server name must match the name on the server certificate. sslStream.AuthenticateAsClient(serverName); } catch (AuthenticationException e) { Console.WriteLine("Exception: {0}", e.Message); if (e.InnerException != null) { Console.WriteLine("Inner exception: {0}", e.InnerException.Message); } Console.WriteLine("Authentication failed - closing the connection."); client.Close(); return; } 我想我需要使用
AuthenticateAsClient(string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
方法,我是谁? 任何人都可以告诉我如何使用它周围的所有东西?甚至在服务器端,或指向我一个基本的例子?
非常感谢。
static void HTTPSClient() { try { string message = "GET / HTTP/1.0\r\nHost: host.com\r\n\r\n"; byte[] data = System.Text.Encoding.ASCII.GetBytes(message); string server = "host.com"; int nPort = 443; TcpClient client = new TcpClient(server, nPort); X509Certificate2Collection cCollection = new X509Certificate2Collection(); cCollection.Add(new X509Certificate2("cert.pfx", "password")); using (SslStream sslStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null)) { // Add a client certificate to the ssl connection sslStream.AuthenticateAsClient(server, cCollection, System.Security.Authentication.SslProtocols.Default, true); sslStream.Write(data, 0, data.Length); data = new Byte[8192]; int bytes = 0; string responseData = ""; do { bytes = sslStream.Read(data, 0, data.Length); if (bytes > 0) { responseData += System.Text.Encoding.ASCII.GetString(data, 0, bytes); } } while (bytes > 0); Console.WriteLine("Response: " + responseData); } // Disconnect and close the client client.Close(); } catch (Exception ex) { Console.WriteLine("Error: " + ex.ToString()); } } public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (sslPolicyErrors == SslPolicyErrors.None) return true; Console.WriteLine("Certificate error: {0}", sslPolicyErrors); // Do not allow this client to communicate with unauthenticated servers. return false; }
- 您需要一个x509自我证书,创建它简单,下载pluralsight自我证书
- 像在图像中一样生成证书
- 创建新的网站,有选择wcf服务。
- 添加解决方案新控制台应用程序,以测试我们的服务。
-
在服务put配置的web.config中:
-
在Service类中,删除现有方法并添加:
public string TestAccess(){return OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name; }
-
在IService中删除数据合同,删除操作合同并添加新的操作合同:
[OperationContract的]
public string TestAccess(); -
运行服务并在客户端应用程序中将服务引用添加到我们的服
-
客户端配置:
-
客户代码:
ServiceClient客户端=新的ServiceClient();
client.ClientCredentials.UserName.UserName =“你的windows用户”;
client.ClientCredentials.UserName.Password =“您的Windows用户密码”;
Console.WriteLine(client.TestAccess());
到Console.ReadLine(); - 如果您不想使用Windows登录/密码,则必须创建自定义用户/密码validation器- > msdn :
问候,的Sergiu。
- 为什么使用“新的NetworkCredential(用户名,密码)”不适用于我的网站的基本身份validation(来自WinForms C#应用程序)?
- 使用带有登录页面的HttpWebRequest发送数据
- C#Flurl – 将WebRequestHandler添加到FlurlClient
- 如何支持NTLM身份validation与ASP.NET MVC中的回退forms?
- 如何在ASP.NET Boilerplate中设置社交登录?
- MVC 5 IoC和身份validation
- WEB API – 在控制器或操作级别授权(无身份validation)
- UserPrincipal.FindByIdentity中的.NET 4.5错误(System.DirectoryServices.AccountManagement)
- 用于JWT承载认证的.NET Core IssuerSigningKey文件