We want to implement an ASP.NET Core API (1.0.1) on the IIS web server (as a proxy), which runs on the Kestrel server. Clients calling the API must do so using a certificate from our company's CA. The user should be authenticated with "Active Directory Client Certificate Authentication".
We are developing with Visual Studio 2015 (Update 3) on the development client (and not on the web server).
After reading up in an attempt to understand the mechanisms, I just worked a bit on the code. Unfortunately, trial and error did not help much :)
Subsequently, I tried to find several tutorials on the Internet, but most of them only cover parts of the solution, and in addition, most of them focus on ASP.NET 5.
So what is my question?
- Is there a good guide for my scenario?
- Is there any guide on SSL with a real CA (and not just self-created developer CA certificates)?
- Can I enable SSL in IIS Express for debugging?
- How can I read a client certificate in code? GetClientCertificateAsync() is ALWAYS null.
- Do I have a problem with understanding?
Client (SSL cert) → https://API (IIS → Kestrel)
Should Kestrel be used with "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.1" when I just want to authenticate a client certificate through AD and read the certificate in my API in order to get the UPN?
What have I tried?
First I added "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.1", to the project.json file.
In the Startup.cs file, I added the following code to the function ConfigureServices:
services.Configure<KestrelServerOptions>(options =>
{
    options.ThreadCount = 4;
    options.UseConnectionLogging();

    // Enable TLS on Kestrel itself and ask for (but do not require) a client certificate.
    HttpsConnectionFilterOptions https = new HttpsConnectionFilterOptions();
    https.ClientCertificateMode = ClientCertificateMode.AllowCertificate;
    https.ServerCertificate = GetCetificate();   // must return a cert that includes its private key
    https.CheckCertificateRevocation = false;
    options.UseHttps(https);
});
GetCetificate() ( , ?)
:
"server.urls": "http://localhost:6000;https://localhost:6001;"
ValuesController, .
API- (NOT IIS Express) http://localhost:6000/api/values json. https://localhost:6001/api/values, :
fail: Microsoft.AspNetCore.Server.Kestrel [0] ConnectionFilter.OnConnection System.AggregateException: . ( SSL .) --- > System.NotSupportedException: SSL . System.Net.Security.SecureChannel.AcquireServerCredentials( [] & thumbPrint) System.Net.Security.SecureChannel.GenerateToken(Byte [] input, Int32 offset, Int32 count, Byte [] & ) System.Net.Security.SecureChannel.NextMessage(Byte [] incoming, Int32 , Int32) System.Net.Security.SslState.StartSendBlob( [] , Int32 count, AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.ProcessReceivedBlob( [] buffer, Int32 count, AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.StartReadFrame( Byte [], Int32 readBytes, AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest AsyncRequest) --- , - System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult ) System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) System.Threading.Tasks.TaskFactory 1.FromAsyncCoreLogic(IAsyncResult
iar, Func 2 endFunction, Action 1 endAction, Task 1 prom, Boolean requiresSynchronization) --- , - System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task ) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task ) Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext() --- --- --- > ( # 0) System.NotSupportedException: SSL . System.Net.Security.SecureChannel.AcquireServerCredentials( [] & thumbPrint) System.Net.Security.SecureChannel.GenerateToken(Byte [] input, Int32 offset, Int32 count, Byte [] & ) System.Net.Security.SecureChannel.NextMessage(Byte [] incoming, Int32 , Int32) System.Net.Security.SslState.StartSendBlob( [] , Int32 count, AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.ProcessReceivedBlob( [] buffer, Int32 count, AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.StartReadFrame( Byte [], Int32 readBytes, AsyncProtocolRequest asyncRequest) System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest AsyncRequest) --- , - System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult ) System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) System.Threading.Tasks.TaskFactory 1.FromAsyncCoreLogic(IAsyncResult
iar, Func 2 endFunction, Action 1 endAction, Task 1 prom, Boolean requiresSynchronization) --- , - System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task ) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task ) Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionFilter.d__3.MoveNext() < ---
IIS Express, , ( http://localhost:31943/ https://localhost:44317/, launchSettings.json)
ClientCertificate.
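For the "how do I read the client certificate and get the UPN" part, here is an added example (my own code, not from the question or from the ASP.NET Core project) of a middleware that reads the negotiated client certificate through ITlsConnectionFeature, checks that it chains to the company CA, and stores the UPN for later use. It assumes the request arrived over HTTPS (on a plain http:// URL the feature is absent and the certificate is always null), that the CA thumbprint placeholder is replaced with the real one, and that the UPN is in the certificate's Subject Alternative Name as AD-issued certificates put it.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;

// Added example middleware: read the TLS client certificate, verify it was
// issued by our CA, and expose the UPN to downstream handlers.
public class ClientCertUpnMiddleware
{
    // Placeholder (assumption): thumbprint of the company CA that must be in the chain.
    private const string ExpectedIssuerThumbprint = "<YOUR-CA-THUMBPRINT>";
    private readonly RequestDelegate _next;

    public ClientCertUpnMiddleware(RequestDelegate next) { _next = next; }

    public async Task Invoke(HttpContext context)
    {
        // ITlsConnectionFeature only exists on HTTPS connections; on http://
        // requests GetClientCertificateAsync can never return a certificate.
        var tls = context.Features.Get<ITlsConnectionFeature>();
        var cert = tls == null ? null : await tls.GetClientCertificateAsync(context.RequestAborted);
        if (cert == null)
        {
            context.Response.StatusCode = 401; // no client certificate presented
            return;
        }

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            if (!chain.Build(cert) || !ChainContains(chain, ExpectedIssuerThumbprint))
            {
                context.Response.StatusCode = 403; // valid TLS cert, but not from our CA
                return;
            }
        }

        // The UPN is carried in the SAN otherName (1.3.6.1.4.1.311.20.2.3) on AD-issued certs.
        context.Items["ClientUpn"] = cert.GetNameInfo(X509NameType.UpnName, false);
        await _next(context);
    }

    private static bool ChainContains(X509Chain chain, string thumbprint)
    {
        foreach (var element in chain.ChainElements)
            if (string.Equals(element.Certificate.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase)) return true;
        return false;
    }
}
```

Register it in Configure with app.UseMiddleware<ClientCertUpnMiddleware>() before MVC; when IIS is the proxy, app.UseIISIntegration() must run first so the certificate forwarded by IIS is what the feature returns.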