當在 Web 服務器需要一個使用 HttpWebRequest 和 HttpWebResponse 類時,您可以發送客戶端證書。若要獲取可用於通過使用HttpWebRequest 類發送客戶端證書的證書,使用下列方法之一:
如果您要獲取某個特定證書,必須更改類代碼使用 CertFindCertificateInStore 函數獲取特定的證書。此函數被聲明 Wincrypt.h 文件中。 或者,您可以枚舉 X509CertificateCollection 函數來查找所需的證書。
下面的代碼示例使用從 CertEnumCertificatesInStore 函數返回的集合中的第一個證書
方法 1
使用 x509 證書 類來讀取該證書從一個.cer 文件,然後設置 ClientCertificates 屬性。方法 2
使用 CryptoAPI 調用來獲得證書從證書存儲區,然後將 x509 證書 類設置爲您接收到來自證書存儲區的證書。然後,您可以設置ClientCertificates 屬性。發送客戶端證書的要求
在使用 ASP.NET 應用程序,請確保完成以下要求:- LOCAL_MACHINE 註冊表配置單元中,而不是在 CURRENT_USER 註冊表配置單元,必須安裝客戶端證書。若要確認客戶端證書的安裝位置,請按照下列步驟操作:
- 單擊 開始、 單擊 運行,鍵入 mmc,然後單擊 確定。
- 在 文件 菜單上單擊 添加/刪除管理單元。
- 在 添加/刪除管理單元 對話框中單擊 添加。
- 在 添加獨立管理單元 對話框中單擊 證書,然後單擊 添加。
- 在 證書管理單元 對話框中單擊 計算機帳戶,然後單擊 下一步
- 選擇計算機 對話框中單擊 完成。
- 在 添加獨立管理單元 對話框中單擊 關閉,然後單擊 確定。
- 展開 證書 (本地計算機),展開 個人,然後單擊 證書。
- 您必須授予 ASP.NET 用戶私人密鑰以便客戶端證書的帳戶權限。若要爲 ASP.NET 用戶帳戶權限的客戶端證書的私鑰,使用 $ WinHttpCertCfg.exe 工具。有關詳細的信息請單擊下面的文章編號,以查看 Microsoft 知識庫中相應的文章:
823193 (http://support.microsoft.com/kb/823193/ ) 如何獲得 Windows HTTP 5.1 證書和跟蹤工具有關如何使用此工具,請訪問下面的 Microsoft 開發人員網絡 (MSDN) 的網站的詳細信息:WinHttpCertCfg.exe,證書配置工具 http://msdn2.microsoft.com/en-us/library/aa384088.aspx (http://msdn2.microsoft.com/en-us/library/aa384088.aspx)
使用.cer 文件
方法 1 會更易於使用,但方法要求您擁有一個.cer 文件。如果您沒有安裝的.cer 文件,使用 Microsoft Internet 資源管理器導出.cer 文件。
下面的源代碼介紹如何獲取證書的.cer 文件可以使用與 HttpWebRequest class.
//Uncomment the following code if you need a proxy. The boolean true is used to bypass the local address.
//WebProxy proxyObject = new WebProxy("Your Proxy value",true);
//GlobalProxySelection.Select = proxyObject;
// Obtain the certificate.
try
{
//You must change the path to point to your .cer file location.
X509Certificate Cert = X509Certificate.CreateFromCertFile("C://mycert.cer");
// Handle any certificate errors on the certificate from the server.
ServicePointManager.CertificatePolicy = new CertPolicy();
// You must change the URL to point to your Web server.
HttpWebRequest Request = (HttpWebRequest)WebRequest.Create("https://YourServer/sample.asp");
Request.ClientCertificates.Add(Cert);
Request.UserAgent = "Client Cert Sample";
Request.Method = "GET";
HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();
// Print the repsonse headers.
Console.WriteLine("{0}",Response.Headers);
Console.WriteLine();
// Get the certificate data.
StreamReader sr = new StreamReader(Response.GetResponseStream(), Encoding.Default);
int count;
char [] ReadBuf = new char[1024];
do
{
count = sr.Read(ReadBuf, 0, 1024);
if (0 != count)
{
Console.WriteLine(new string(ReadBuf));
}
}while(count > 0);
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
//Implement the ICertificatePolicy interface.
class CertPolicy: ICertificatePolicy
{
public bool CheckValidationResult(ServicePoint srvPoint,
X509Certificate certificate, WebRequest request, int certificateProblem)
{
// You can do your own certificate checking.
// You can obtain the error values from WinError.h.
// Return true so that any certificate will work with this sample.
return true;
}
}
//WebProxy proxyObject = new WebProxy("Your Proxy value",true);
//GlobalProxySelection.Select = proxyObject;
// Obtain the certificate.
try
{
//You must change the path to point to your .cer file location.
X509Certificate Cert = X509Certificate.CreateFromCertFile("C://mycert.cer");
// Handle any certificate errors on the certificate from the server.
ServicePointManager.CertificatePolicy = new CertPolicy();
// You must change the URL to point to your Web server.
HttpWebRequest Request = (HttpWebRequest)WebRequest.Create("https://YourServer/sample.asp");
Request.ClientCertificates.Add(Cert);
Request.UserAgent = "Client Cert Sample";
Request.Method = "GET";
HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();
// Print the repsonse headers.
Console.WriteLine("{0}",Response.Headers);
Console.WriteLine();
// Get the certificate data.
StreamReader sr = new StreamReader(Response.GetResponseStream(), Encoding.Default);
int count;
char [] ReadBuf = new char[1024];
do
{
count = sr.Read(ReadBuf, 0, 1024);
if (0 != count)
{
Console.WriteLine(new string(ReadBuf));
}
}while(count > 0);
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
//Implement the ICertificatePolicy interface.
class CertPolicy: ICertificatePolicy
{
public bool CheckValidationResult(ServicePoint srvPoint,
X509Certificate certificate, WebRequest request, int certificateProblem)
{
// You can do your own certificate checking.
// You can obtain the error values from WinError.h.
// Return true so that any certificate will work with this sample.
return true;
}
}
使用 CryptoAPI 調用
如果您必須獲取該證書從證書存儲區,CryptoAPI 函數用於獲取該的證書,然後將其存儲在 x509 證書 的類對象。X509CertificateCollection 類枚舉存儲區中的所有證書,然後將其置於 X509CertificateCollection 類對象中。如果您要獲取某個特定證書,必須更改類代碼使用 CertFindCertificateInStore 函數獲取特定的證書。此函數被聲明 Wincrypt.h 文件中。 或者,您可以枚舉 X509CertificateCollection 函數來查找所需的證書。
下面的代碼示例使用從 CertEnumCertificatesInStore 函數返回的集合中的第一個證書
using System;
using System.Net;
using System.IO;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;
namespace SelectClientCert
{
/// Sample that describes how how to select client cetificate and send it to the server.
class MyCerts{
private static int CERT_STORE_PROV_SYSTEM = 10;
private static int CERT_SYSTEM_STORE_CURRENT_USER = (1 << 16);
///private static int CERT_SYSTEM_STORE_LOCAL_MACHINE = (2 << 16);
[DllImport("CRYPT32", EntryPoint="CertOpenStore", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern IntPtr CertOpenStore(
int storeProvider, int encodingType,
int hcryptProv, int flags, string pvPara);
[DllImport("CRYPT32", EntryPoint="CertEnumCertificatesInStore", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern IntPtr CertEnumCertificatesInStore(
IntPtr storeProvider,
IntPtr prevCertContext);
[DllImport("CRYPT32", EntryPoint="CertCloseStore", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool CertCloseStore(
IntPtr storeProvider,
int flags);
X509CertificateCollection m_certs;
public MyCerts(){
m_certs = new X509CertificateCollection();
}
public int Init()
{
IntPtr storeHandle;
storeHandle = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, "MY");
IntPtr currentCertContext;
currentCertContext = CertEnumCertificatesInStore(storeHandle, (IntPtr)0);
int i = 0;
while (currentCertContext != (IntPtr)0)
{
m_certs.Insert(i++, new X509Certificate(currentCertContext));
currentCertContext = CertEnumCertificatesInStore(storeHandle, currentCertContext);
}
CertCloseStore(storeHandle, 0);
return m_certs.Count;
}
public X509Certificate this [int index]
{
get
{
// Check the index limits.
if (index < 0 || index > m_certs.Count)
return null;
else
return m_certs[index];
}
}
};
class MyHttpResource
{
String m_url;
public MyHttpResource(string url){
m_url = url;
}
public void GetFile(){
HttpWebResponse result = null;
try{
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(m_url);
req.Credentials = CredentialCache.DefaultCredentials;
///Method1
//req.ClientCertificates.Add(X509Certificate.CreateFromCertFile("D://Temp//cert//c1.cer"));
///Method2
///Uses interop services
MyCerts mycert = new MyCerts();
if(mycert.Init() > 0)
req.ClientCertificates.Add(mycert[0]);
result = (HttpWebResponse)req.GetResponse();
Stream ReceiveStream = result.GetResponseStream();
Encoding encode = System.Text.Encoding.GetEncoding("utf-8");
StreamReader sr = new StreamReader( ReceiveStream, encode );
Console.WriteLine("/r/nResponse stream received");
Char[] read = new Char[256];
int count = sr.Read( read, 0, 256 );
Console.WriteLine("HTTP Response.../r/n");
while (count > 0)
{
String str = new String(read, 0, count);
Console.Write(str);
count = sr.Read(read, 0, 256);
}
}
catch(WebException e)
{
Console.WriteLine("/r/nError:");
#if (DEBUG)
Console.WriteLine(e.ToString());
#else
Console.WriteLine(e.Message);
#endif
}
finally
{
if ( result != null ) {
result.Close();
}
}
}
}
class CertSample
{
static void Main(string[] args)
{
try
{
if (args.Length < 1)
{
Console.WriteLine("No url is entered to download, returning./n");
Console.WriteLine("Usage: CertSample <urltoget>/n");
Console.WriteLine(" e.g: CertSample https://servername /n");
return;
}
MyHttpResource hr = new MyHttpResource(args[0]);
hr.GetFile();
}
catch(Exception e)
{
Console.WriteLine(e.ToString());
}
return;
}
}
}
using System.Net;
using System.IO;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;
namespace SelectClientCert
{
/// Sample that describes how how to select client cetificate and send it to the server.
class MyCerts{
private static int CERT_STORE_PROV_SYSTEM = 10;
private static int CERT_SYSTEM_STORE_CURRENT_USER = (1 << 16);
///private static int CERT_SYSTEM_STORE_LOCAL_MACHINE = (2 << 16);
[DllImport("CRYPT32", EntryPoint="CertOpenStore", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern IntPtr CertOpenStore(
int storeProvider, int encodingType,
int hcryptProv, int flags, string pvPara);
[DllImport("CRYPT32", EntryPoint="CertEnumCertificatesInStore", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern IntPtr CertEnumCertificatesInStore(
IntPtr storeProvider,
IntPtr prevCertContext);
[DllImport("CRYPT32", EntryPoint="CertCloseStore", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool CertCloseStore(
IntPtr storeProvider,
int flags);
X509CertificateCollection m_certs;
public MyCerts(){
m_certs = new X509CertificateCollection();
}
public int Init()
{
IntPtr storeHandle;
storeHandle = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, "MY");
IntPtr currentCertContext;
currentCertContext = CertEnumCertificatesInStore(storeHandle, (IntPtr)0);
int i = 0;
while (currentCertContext != (IntPtr)0)
{
m_certs.Insert(i++, new X509Certificate(currentCertContext));
currentCertContext = CertEnumCertificatesInStore(storeHandle, currentCertContext);
}
CertCloseStore(storeHandle, 0);
return m_certs.Count;
}
public X509Certificate this [int index]
{
get
{
// Check the index limits.
if (index < 0 || index > m_certs.Count)
return null;
else
return m_certs[index];
}
}
};
class MyHttpResource
{
String m_url;
public MyHttpResource(string url){
m_url = url;
}
public void GetFile(){
HttpWebResponse result = null;
try{
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(m_url);
req.Credentials = CredentialCache.DefaultCredentials;
///Method1
//req.ClientCertificates.Add(X509Certificate.CreateFromCertFile("D://Temp//cert//c1.cer"));
///Method2
///Uses interop services
MyCerts mycert = new MyCerts();
if(mycert.Init() > 0)
req.ClientCertificates.Add(mycert[0]);
result = (HttpWebResponse)req.GetResponse();
Stream ReceiveStream = result.GetResponseStream();
Encoding encode = System.Text.Encoding.GetEncoding("utf-8");
StreamReader sr = new StreamReader( ReceiveStream, encode );
Console.WriteLine("/r/nResponse stream received");
Char[] read = new Char[256];
int count = sr.Read( read, 0, 256 );
Console.WriteLine("HTTP Response.../r/n");
while (count > 0)
{
String str = new String(read, 0, count);
Console.Write(str);
count = sr.Read(read, 0, 256);
}
}
catch(WebException e)
{
Console.WriteLine("/r/nError:");
#if (DEBUG)
Console.WriteLine(e.ToString());
#else
Console.WriteLine(e.Message);
#endif
}
finally
{
if ( result != null ) {
result.Close();
}
}
}
}
class CertSample
{
static void Main(string[] args)
{
try
{
if (args.Length < 1)
{
Console.WriteLine("No url is entered to download, returning./n");
Console.WriteLine("Usage: CertSample <urltoget>/n");
Console.WriteLine(" e.g: CertSample https://servername /n");
return;
}
MyHttpResource hr = new MyHttpResource(args[0]);
hr.GetFile();
}
catch(Exception e)
{
Console.WriteLine(e.ToString());
}
return;
}
}
}
有關更多的信息,請訪問下面的 Microsoft 開發人員網絡 (MSDN) 的網站:
x509 證書類
http://msdn2.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate(vs.71).aspx(http://msdn2.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate(vs.71).aspx)
http://msdn2.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate(vs.71).aspx(http://msdn2.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate(vs.71).aspx)
