2016-10-12 102 views
0

I have the following setup: a web application hosted on IIS with the "Require SSL" setting enabled. I also have an authentication service based on IdentityServer3. IdentityServer3, via the Request.ClientCertificate from the client's request context

I need to pass Request.ClientCertificate.SerialNumber from the web application to IdentityServer as part of the authentication flow.

Here is part of my client configuration:

Notifications = new OpenIdConnectAuthenticationNotifications
{
    RedirectToIdentityProvider = n =>
    {
        // if signing in, send certificate parameters
        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
        {
            // here I would like to get the client certificate
            var req = n.OwinContext.Request;

            // and pass its serial number to IdentityServer somehow
            n.ProtocolMessage.AcrValues = req.ClientCertificate.SerialNumber;
        }

        return Task.FromResult(0);
    },
}

Is this possible? How do I get the ClientCertificate of the current request?

+0

See https://leastprivilege.com/2013/11/11/client-certificate-authentication-middleware-for-katana/ for an example of working with client certificates. – Tratcher

Answer

0

Finally, I got this working:

Notifications = new OpenIdConnectAuthenticationNotifications
{
    RedirectToIdentityProvider = n =>
    {
        // if signing in, send certificate parameters
        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
        {
            // The OWIN environment dictionary throws on a missing key, so look the
            // System.Web request context up with TryGetValue (only present under
            // Microsoft.Owin.Host.SystemWeb on IIS).
            object contextObj;
            n.OwinContext.Environment.TryGetValue("System.Web.Routing.RequestContext", out contextObj);
            var requestContext = contextObj as System.Web.Routing.RequestContext;
            if (requestContext != null)
            {
                var clientCert = requestContext.HttpContext.Request.ClientCertificate;

                // if the client authenticated with a certificate, extract the certificate info and pass it to IdentityServer
                if (!string.IsNullOrEmpty(clientCert.SerialNumber))
                {
                    // HttpClientCertificate.SerialNumber is hyphen-separated hex; strip the hyphens
                    var sn = clientCert.SerialNumber.Replace("-", "");

                    // IdentityServer splits acr_values on spaces. Escape the spaces inside each subject
                    // component, then turn the ", " between components into the token separator.
                    n.ProtocolMessage.AcrValues = "cert:" + sn + " " + clientCert.Subject.Replace(" ", "_*_").Replace(",_*_", " ");
                }
            }
        }

        return Task.FromResult(0);
    },
}
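As an added example (not code from the question or the answer, and not part of IdentityServer3), the following console program isolates the encoding the answer performs and adds the matching decoder that a component on the IdentityServer side would need to read the serial number and subject back out of acr_values. The class name CertificateAcrValues, the method names and the sample serial/subject are hypothetical. Because acr_values is a parameter the browser sends on the authorize request, the decoded values are a hint to validate and look up on the IdentityServer side, not proof that the caller presented that certificate; TryDecode therefore rejects anything that is not a well-formed "cert:<hex>" token so the caller can fall back to a normal login.

```csharp
// Added example: encode/decode helper for the "cert:<serial> <subject tokens>"
// acr_values scheme used in the answer above. Names and sample values are
// hypothetical; nothing here is IdentityServer3's own API.
using System;
using System.Linq;
using System.Text.RegularExpressions;

public static class CertificateAcrValues
{
    // acr_values is a space-delimited list, so spaces inside a value must be
    // replaced by a marker that never appears in a distinguished name.
    private const string SpaceEscape = "_*_";
    private const string SerialPrefix = "cert:";

    // HttpClientCertificate.SerialNumber comes back as hyphen-separated hex
    // ("0A-1B-..."). Normalise to bare upper-case hex so the receiving side can
    // compare it with X509Certificate2.SerialNumber directly.
    public static string NormalizeSerial(string serialNumber)
    {
        if (string.IsNullOrEmpty(serialNumber))
            throw new ArgumentException("serial number is empty", "serialNumber");
        var sn = serialNumber.Replace("-", "").ToUpperInvariant();
        if (!Regex.IsMatch(sn, "^[0-9A-F]+$"))
            throw new FormatException("serial number is not hex: " + serialNumber);
        return sn;
    }

    // Same transformation as the answer: escape spaces inside each DN
    // component, then turn the ", " between components into the single space
    // that separates acr_values tokens. The serial token always comes first.
    public static string Encode(string serialNumber, string subject)
    {
        var subjectTokens = subject.Replace(" ", SpaceEscape).Replace("," + SpaceEscape, " ");
        return SerialPrefix + NormalizeSerial(serialNumber) + " " + subjectTokens;
    }

    // Inverse of Encode. Returns false for input that does not start with a
    // well-formed "cert:<hex>" token; the caller treats that as "no certificate
    // hint" rather than trusting malformed client-supplied data.
    public static bool TryDecode(string acrValues, out string serialNumber, out string subject)
    {
        serialNumber = null;
        subject = null;
        if (string.IsNullOrWhiteSpace(acrValues)) return false;

        var tokens = acrValues.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (tokens.Length == 0 || !tokens[0].StartsWith(SerialPrefix, StringComparison.Ordinal))
            return false;

        var sn = tokens[0].Substring(SerialPrefix.Length);
        if (!Regex.IsMatch(sn, "^[0-9A-F]+$")) return false;

        // Undo the space escaping and re-join the DN components with ", ".
        var components = tokens.Skip(1).Select(t => t.Replace(SpaceEscape, " "));
        serialNumber = sn;
        subject = string.Join(", ", components);
        return true;
    }

    public static void Main()
    {
        // Constructed sample values in the shape HttpClientCertificate returns them.
        const string sampleSerial = "0A-1B-2C-3D-4E-5F";
        const string sampleSubject = "CN=Jane Doe, OU=Platform Team, O=Example Corp, C=US";

        var acr = Encode(sampleSerial, sampleSubject);
        Console.WriteLine("acr_values = " + acr);

        string sn, subj;
        if (!TryDecode(acr, out sn, out subj))
            throw new InvalidOperationException("round trip failed");

        Console.WriteLine("serial  = " + sn);
        Console.WriteLine("subject = " + subj);
        if (subj != sampleSubject)
            throw new InvalidOperationException("subject did not survive the round trip");

        // Malformed or absent hints are reported, not thrown, so a login flow can
        // continue without certificate data.
        string ignoredSn, ignoredSubject;
        Console.WriteLine("decode of plain 'urn:example:mfa' = "
            + TryDecode("urn:example:mfa", out ignoredSn, out ignoredSubject));
    }
}
```

The round trip holds for subjects in the "CN=..., O=..." form that HttpClientCertificate.Subject produces, because the encoder relies on the ", " separator between components; a comma that is not followed by a space stays inside its token and is decoded unchanged.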