【发布时间】:2019-02-03 09:34:48
【问题描述】:
我已经查看了这些问题及其答案:
How do I create client certificates for local testing of two-way authentication over SSL?
Invalid provider type specified. CryptographicException
还有第二个问题引用的这个博客。
我怀疑证书颁发者有问题,但我可能错了。
前言
我是身份验证的新手(您可以将其视为白痴)。当前项目是将使用 Visual Studio 2013 .Net 4.5.1 编写的现有网站和 Web 应用程序升级到 Visual Studio 2017 2017 .Net 版本 4.6.1,以满足新消息代理的要求。
环境
视窗 10
Visual Studio 2017 (15.8.1)
IIS 10
微软 SQL Server 2017
问题描述
用 C# 编写的 Web 服务器在身份验证期间抛出此错误
{"IDX10614: AsymmetricSecurityKey.GetSignatureFormater( 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' ) threw an exception.
Key:
'System.IdentityModel.Tokens.X509AsymmetricSecurityKey'\nSignatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', check to make sure the SignatureAlgorithm is supported.\nException:'System.Security.Cryptography.CryptographicException: Invalid provider type specified.
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)\r\n at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()\r\n at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(AsymmetricSecurityKey key, String algorithm, Boolean willCreateSignatures)'.
If you only need to verify signatures the parameter 'willBeUseForSigning' should be false if the private key is not be available."}
采取的步骤
最初没有要检查的证书,因此产生了不同的错误。
在以管理员身份运行的 PowerShell 中
New-SelfSignedCertificate -Subject "CN= XxxxxxxXXCA" -DnsName "localhost" -FriendlyName "XxxxxxxXXCA" -KeyUsage DigitalSignature -KeyUsageProperty ALL -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My"
启动 MMC
将创建的证书复制到本地机器个人
将证书复制到本地机器受信任的根证书颁发机构
将证书复制到本地机器受信任的发布者
在 IIS 中启动网站
在 Visual Studio 2017 中运行 Web 服务器
使用高级 REST 客户端 (ARC) 从客户端向服务器发送登录请求。
在下面的代码中浏览 Visual Studio 2017 调试器中的身份验证代码:
在return语句中抛出异常。
public string GenerateToken(string email)
{
X509Store store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certs = store.Certificates;
X509Certificate2 signingCert =
certs.Cast<X509Certificate2>().FirstOrDefault(cert => cert.FriendlyName == "XxxxxxxXXCA");
SigningCredentials signingCredentials = new X509SigningCredentials(signingCert);
var tokenHandler = new JwtSecurityTokenHandler();
var now = DateTime.UtcNow;
var customer = _customerService.GetCustomerByEmail(email);
var emailClaim = new Claim(ClaimTypes.Email, customer.Email, ClaimValueTypes.String);
var userIdClaim = new Claim(ClaimTypes.NameIdentifier, customer.Id.ToString(), ClaimValueTypes.Integer);
var roleClaim = new Claim(ClaimTypes.Role, "customer", ClaimValueTypes.String);
var claimsList = new List<Claim> { emailClaim, userIdClaim, roleClaim };
var tokenDescriptor = new SecurityTokenDescriptor()
{
AppliesToAddress = "http://localhost/api",
SigningCredentials = signingCredentials,
TokenIssuerName = "http://localhost",
Lifetime = new Lifetime(now, now.AddDays(30)),
//Lifetime = new Lifetime(now, now.AddDays(1)),
Subject = new ClaimsIdentity(claimsList)
};
store.Close();
return tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
}
【问题讨论】:
标签: c# visual-studio authentication iis x509certificate