大佬教程收集整理的这篇文章主要介绍了客户端认证通过X509证书在asp.net,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
<add key="ClientCertificateIssuerThumbprints" value="4901f5b87d736cd88792bd5ef7caee91bf7d1a2b,0113e31aa85d7fb02740a1257f8bfa534fb8549e,c9321de6b5a82666cf6971a18a56f2d3a8675602"/>@H_801_2@步骤3:创建一个经典的用户名/密码登录页面。验证用户名/密码。 @H_801_2@步骤4:将以下代码添加到您的登录页面:
var x509 = new X509Certificate2(this.request.ClientCertificate.CertificatE); var chain = new X509Chain(true); chain.ChainPolicy.RevocationMode = X509RevocationMode.offline; chain.build(x509); var validThumbprints = new HashSet<String>( System.Configuration.ConfigurationManager.AppSetTings["ClientCertificateIssuerThumbprints"] .replace(" ","").Split(',',';'),StringComparer.ordinalIgnoreCasE); // if the certificate is self-signed,verify itself. for (int i = chain.ChainElements.Count > 1 ? 1 : 0; i < chain.ChainElements.Count; i++) { if (!validThumbprints.Contains(chain.ChainElements[i].Certificate.Thumbprint)) throw new UnauthorizedAccessException("The client certificate SELEcted is not authorized for this system. Please restart the browser and pick the certificate issued by XXXXX"); } // certificate Subject would contain some identifier of the user (an id number,SIN number or anything else uniquE). here it is assumed that it contains the login name and nothing else if (!String.Equals("CN=" + login,x509.Subject,StringComparison.ordinalIgnoreCasE)) throw new UnauthorizedAccessException("The client certificate SELEcted is authorized for another user. Please restart the browser and pick another certificate.");@H_801_2@只有当密码和证书都已经被检查时,才允许用户在系统中被允许。
以上是大佬教程为你收集整理的客户端认证通过X509证书在asp.net全部内容,希望文章能够帮你解决客户端认证通过X509证书在asp.net所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。