2

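This may be a duplicate question, but I still could not find any answer that solves my problem, so I am posting it again. Accessing the client certificate in an ApiController hosted in an Azure Worker Role

I have an Azure worker role, and I added an ApiController to it using Owin self-host (see this for reference).

In my custom controller I have a POST API that tries to perform client certificate authentication by extracting the certificate from the Request object, but when deployed to the Azure emulator, the certificate is always null.

Here is my sample client code: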


public static async Task<HttpResponseMessage> GetResponseAsync(WebApiRequestInfo webApiRequestInfo)

{ 
    if (webApiRequestInfo == null) 
    { 
     throw new ArgumentNullException("webApiRequestInfo"); 
    } 

    WebRequestHandler requestHandler = null; 

    if (webApiRequestInfo.Certificate != null) 
    { 
     requestHandler = new WebRequestHandler { ClientCertificateOptions = ClientCertificateOption.Manual }; 
     requestHandler.ClientCertificates.Add(webApiRequestInfo.Certificate); 
    } 

    using (var client = requestHandler != null 
     ? new HttpClient(requestHandler) {BaseAddress = webApiRequestInfo.BaseUrl} 
     : new HttpClient {BaseAddress = webApiRequestInfo.BaseUrl}) 
    { 

     client.DefaultRequestHeaders.Accept.Clear(); 
     client.DefaultRequestHeaders.Accept.Add(
      new MediaTypeWithQualityHeaderValue(webApiRequestInfo.MediaType)); 

     var method = new HttpMethod(webApiRequestInfo.HttpMethod); 

     var request = new HttpRequestMessage(method, webApiRequestInfo.RelativeUrl) 
     { 
      Content = 
       webApiRequestInfo.Content != null 
        ? new StringContent(JsonConvert.SerializeObject(webApiRequestInfo.Content), Encoding.UTF8, 
         "application/json") 
        : null 
     }; 

     var response = await client.SendAsync(request); 

     return response; 
    } 
} 

The controller code looks like this:

[HttpPost] 
     public async Task<HttpResponseMessage> GetPackage([FromBody]PackageInfo packageInfo) 
     { 
      string correlationId = null; 
      var logger = TraceLogger<LogData>.Logger; 

      try 
      { 
       if (string.IsNullOrEmpty(packageInfo.Partner)) 
       { 
        throw new ArgumentException("Partner undefined"); 
       } 

       if (string.IsNullOrEmpty(packageInfo.ServiceEnvironment)) 
       { 
        throw new ArgumentException("ServiceEnvironment undefined"); 
       } 

       if (string.IsNullOrEmpty(packageInfo.StorageEnvironment)) 
       { 
        throw new ArgumentException("StorageEnvironment undefined"); 
       } 

       var cert1 = Request.GetClientCertificate();// this is always null 
} 

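Is there something I am missing, or is this by design in the Azure emulator? I want to clarify this before I deploy to the cloud service, to make sure nothing is missing here. Any suggestions for resolving this would be very helpful.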

+0

Please check `webApiRequestInfo.BaseUrl`: is it **HTTP** or **HTTPS**? –

Answer

0

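Based on my test, I can access the client certificate in an ASP.NET Web API controller action (hosted in an Azure worker role). The following sample code is for your reference.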

TestController.cs

public class TestController : ApiController 
{ 
    public HttpResponseMessage Get() 
    { 
     return new HttpResponseMessage() 
     { 
      Content = new StringContent("Hello from OWIN!") 
     }; 
    } 
    public HttpResponseMessage Get(int id) 
    { 
     var Thumbprint = Request.GetClientCertificate().Thumbprint.ToString(); 
     string msg = String.Format("Hello from OWIN (id = {0})", id); 
     return new HttpResponseMessage() 
     { 
      Content = new StringContent(msg) 
     }; 
    } 
} 

In a console application

X509Certificate2 certificate = new X509Certificate2(certName, password); 

var Thumbprint = certificate.Thumbprint.ToString(); 

Console.WriteLine($"client certificate Thumbprint: {Thumbprint}"); 

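// Attach the client certificate explicitly instead of letting the handler pick one.
WebRequestHandler requestHandler = new WebRequestHandler { ClientCertificateOptions = ClientCertificateOption.Manual }; 
// ValidateServerCertificate (defined elsewhere) decides whether the server certificate is trusted.
requestHandler.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate); 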

requestHandler.ClientCertificates.Add(certificate); 


using (var client = new HttpClient(requestHandler)) 
{ 
    HttpResponseMessage response = await client.GetAsync("https://127.0.0.1:9527/test/5"); 

    if (response.IsSuccessStatusCode) 
    { 
     string content = await response.Content.ReadAsStringAsync(); 
     Console.WriteLine($"Received response: {content}"); 
    } 
    else 
    { 
     Console.WriteLine($"Error, received status code {response.StatusCode}: {response.ReasonPhrase}"); 
    } 
} 

The client certificate sent with the request can be accessed in the Web API controller action

enter image description here

Console application output

enter image description here

+0

Is your certificate a self-signed certificate, or is it signed by a trusted CA (in the server's trusted list)? – ashish1238

+0

In my test, I used a self-signed certificate. –
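
An added example, not part of the original question or answer: the answer's `Get(int id)` dereferences `Request.GetClientCertificate()` directly, which throws when no certificate arrives (the case the question describes). A Web API authorization filter can handle the null case and pin self-signed certificates by thumbprint; the attribute name and the placeholder thumbprint are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical filter: rejects requests that carry no client certificate or one
// that is not pinned. Apply as [RequirePinnedClientCertificate] on an action.
public class RequirePinnedClientCertificateAttribute : AuthorizationFilterAttribute
{
    // Constructed placeholder; replace with the SHA-1 thumbprints you actually trust.
    private static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "0000000000000000000000000000000000000000"
        };

    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // Null when the request came over plain HTTP or the TLS handshake
        // did not include a client certificate.
        X509Certificate2 cert = actionContext.Request.GetClientCertificate();
        string reason = Validate(cert, DateTime.Now);
        if (reason != null)
        {
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Forbidden, reason);
        }
    }

    // Returns null when the certificate is acceptable, otherwise the reason it is not.
    public static string Validate(X509Certificate2 cert, DateTime now)
    {
        if (cert == null)
            return "Client certificate required.";
        // NotBefore/NotAfter are expressed in local time, so compare with a local 'now'.
        if (now < cert.NotBefore || now > cert.NotAfter)
            return "Client certificate is outside its validity period.";
        // A self-signed certificate has no chain to a trusted CA, so pin by thumbprint.
        if (!AllowedThumbprints.Contains(cert.Thumbprint))
            return "Client certificate is not on the allowlist.";
        return null;
    }
}
```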