如果 SSL 证书不能在 IIS 中工作，但在本地工作，我该怎么办

Question

我有两个项目：Web Api（背面）和 MVC（正面）。 Web Api(back) 有一个使用 SSL 证书的方法。如果在本地运行 Web Api(back)，则该方法有效，但如果在 IIS 中运行 Web Api(back) 并将 MVC(front) 中的 post 发送到该方法，则它会捕获一个错误“发生一个或多个错误” . （无法建立 SSL 连接，请参阅内部异常。）。 Web API（返回）代码

public decimal GetIdentification(IdentificationModel identification, int key)
    {
        try
        { 
        var handler = new HttpClientHandler();
        var path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory,"cert\\hgg.p12");
        handler.ClientCertificates.Add(new X509Certificate2(path, _certPassword));

        using (var httpClient = new HttpClient(handler))
        {
            using (var request = new HttpRequestMessage(new HttpMethod("POST"), _identityUrl + "iin=" + identification.IIN + "&vendor=" + _vendor))
            {
                string token = GetToken();
                request.Headers.TryAddWithoutValidation("Authorization", "Bearer " + token);
                request.Headers.TryAddWithoutValidation("x-idempotency-key", "key:" + "hggKey-" + key);
                request.Method = new HttpMethod("POST");
                //request.Content = new StringContent(identification.Photo);
                request.Content = new StreamContent(new MemoryStream(Convert.FromBase64String(identification.Photo)));
                request.Content.Headers.ContentType = MediaTypeHeaderValue.Parse("image/png");

                var response = httpClient.SendAsync(request);
                string data = response.Result.Content.ReadAsStringAsync().Result;
                return JsonConvert.DeserializeObject<dynamic>(data).result;
            }
        }
        }
        catch (Exception e)
        {
            throw new Exception("GetIdentification" + e.Message);
        }
    }
    public string GetToken()
    {
        var handler = new HttpClientHandler();
        var path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "cert\\hgg.p12");
        handler.ClientCertificates.Add(new X509Certificate2(path, _certPassword));
        try
        {
            

            using (var httpClient = new HttpClient(handler))
            {
                using (var request = new HttpRequestMessage(new HttpMethod("POST"), _tokenUrl))
                {
                    request.Headers.TryAddWithoutValidation("Authorization", "Basic " + _token);
                    request.Method = new HttpMethod("POST");
                    request.Content = new StringContent("grant_type=password&username=" + _username + "&password=" + _password + "&scope=identkey");
                    request.Content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/x-www-form-urlencoded");

                    var response = httpClient.SendAsync(request);

                    return JsonConvert.DeserializeObject<dynamic>(response.Result.Content.ReadAsStringAsync().Result).access_token;
                }
            }
        }
        catch(Exception e)
        {
            throw new Exception("GetToken" + e.Message + path + " " +_certPassword);
        }
    }
}

MVC（前）

public string Identity(RequestClass<IdentificationModel> request)
    {            
        ResponseClass<decimal> response = new ResponseClass<decimal>();
        using (var httpClient = new HttpClient())
        {
            var json = JsonConvert.SerializeObject(request);
            var data = new StringContent(json, Encoding.UTF8, "application/json");
            var httpResponse =
                    httpClient.PostAsync(_apiUrl + $"Identification", data).Result;
            string responseContent = httpResponse.Content.ReadAsStringAsync().Result;
            
            return responseContent;
        }
    }

Answer 1

ApplicationPoolIdentity 没有 certmgr.msc 的权限