如何使用自托管 ASP.NET Core 2 应用程序 (httpsys) 进行 HTTPS (SSL)

How to HTTPS (SSL) with self-hosted ASP.NET Core 2 app (httpsys)(如何使用自托管 ASP.NET Core 2 应用程序 (httpsys) 进行 HTTPS (SSL))

本文介绍了如何使用自托管 ASP.NET Core 2 应用程序 (httpsys) 进行 HTTPS (SSL)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我写了一个小的 ASP.NET Core 2 应用程序.它作为服务运行,因此没有 IIS.它在装有 Windows 7 SP1 的 PC 上运行.

var host = WebHost.CreateDefaultBuilder(args).UseContentRoot(pathToContentRoot).UseHttpSys(选项 =>{options.Authentication.Schemes = AuthenticationSchemes.None;options.Authentication.AllowAnonymous = true;选项.MaxConnections = null;选项.MaxRequestBodySize = 30000000;options.UrlPrefixes.Add("http://*:5050");}).UseStartup<启动>().UseApplicationInsights().建造();如果(是服务){主机.RunAsService();}别的{主机.运行();}

如您所见,我想在端口 5050 上监听.没有 SSL 也可以正常工作.

我的问题是,如何为我的应用程序启用 https?再次:没有 IIS,没有域名(没有互联网连接).通信只是在内部网络内部,所以我想使用自签名证书.

我阅读了文档(HTTP.sys 文档;Netsh 命令;New-SelfSignedCertificate),但我的情况总是有所不同(他们使用 Krestel,或者是使用 IIS).另外,我不知道如何为我的应用程序获取 App-ID(netsh 需要).我试过这个:StackOverflow 获取 GUID 但它不起作用.

var assembly = typeof(Program).Assembly;//以下行产生:System.IndexOutOfRangeExceptionvar 属性 = (GuidAttribute)assembly.GetCustomAttributes(typeof(GuidAttribute), true)[0];var id = 属性值;Console.WriteLine(id);

所以我对所有的可能性和不同的配置有点困惑.而且文档没有考虑我的具体情况.

我创建了一个证书,我想我需要将它存储在我的"商店中.(那在哪里?cert:LocalMachineMy)然后我需要为其分配我的 Applicaion ID 和端口.

但我不知道该怎么做.有人可以帮忙吗?

解决方案

所以我通过以下方式解决问题:

首先,如果您想知道自己的 GUID,您将通过以下代码获得它:

var id = typeof(RuntimeEnvironment).GetTypeInfo().Assembly.GetCustomAttribute().Value;

创建自签名证书

现在创建一个 SelfSigned-Certificate(如果您已经获得或购买了,请跳过此步骤)

  1. 运行以下 OpenSSL 命令以生成您的私钥和公共证书.回答问题并在出现提示时输入通用名称.

<块引用>

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

  1. 将您的密钥和证书组合到一个 PKCS#12 (P12) 捆绑包中:

<块引用>

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

在客户端安装证书:

对于 Windows 8 及更高版本:

使用 PowerShell

将证书添加到 Windows Cert Store<块引用>

PS C:> $certpwd = ConvertTo-SecureString -String "passwort" -Force –AsPlainText

PS C:> Import-PfxCertificate –FilePath D:datacertcertificate.p12 cert:localMachinemy -Password $certpwd

获取证书的指纹(哈希)

<块引用>

PS C:WINDOWSsystem32> dir Cert:LocalMachinemy

安装证书(用您的值替换哈希、IP 和端口)

<块引用>

PS C:WINDOWSsystem32> $guid = [guid]::NewGuid()

PS C:WINDOWSsystem32> $certHash =A1D...B672E"

PS C:WINDOWSsystem32> $ip = "0.0.0.0"

PS C:WINDOWSsystem32> $port = "5050"

PS C:WINDOWSsystem32> "http 添加 sslcert ipport=$($ip):$portcertash=$certHash appid={$guid}" | netsh

你已经完成了.

适用于 Windows 7

将证书添加到 Windows 证书存储(注意:此操作使用 .pem 文件,因为 certutil 似乎不支持 .p12 文件)

<块引用>

.certutil.exe -addstore -enterprise -f "Root" C:lwecertcertificate.pem

如果他的行抛出以下错误:

<块引用>

SSL 证书添加失败,错误 1312指定的登录会话不存在.它可能已经被终止了.

您必须手动执行这些步骤(手动执行时请插入 .p12 文件,而不是 .pem):

运行 mmc.exe

  • 转到文件-> 添加/删除管理单元

  • 选择证书管理单元.

  • 选择计算机帐户

  • 导航至:证书(本地计算机)个人证书

  • 右键单击证书文件夹并选择所有任务 -> 导入.

  • 按照向导说明选择证书.确保在向导期间选中导出复选框.

要获取您证书的哈希值,请运行 Internet Explorer,按 Alt + X 并转到 Internet 选项 -> 内容 -> 证书.搜索您的证书并读取哈希值.

现在您可以运行与 Windows 8+ 相同的命令:

安装证书(用您的值替换哈希、IP 和端口)

<块引用>

PS C:WINDOWSsystem32> $guid = [guid]::NewGuid()

PS C:WINDOWSsystem32> $certHash =A1D...B672E"

PS C:WINDOWSsystem32> $ip = "0.0.0.0"

PS C:WINDOWSsystem32> $port = "5050"

PS C:WINDOWSsystem32> "http 添加 sslcert ipport=$($ip):$portcertash=$certHash appid={$guid}" | netsh

编辑您的代码

毕竟,您必须将 UrlPrefixes 设置为 https.因此,在您的 Program.cs 文件中,您需要:

var host = WebHost.CreateDefaultBuilder(args).UseContentRoot(pathToContentRoot).UseHttpSys(选项 =>{options.Authentication.Schemes = AuthenticationSchemes.None;options.Authentication.AllowAnonymous = true;选项.MaxConnections = null;选项.MaxRequestBodySize = 30000000;options.UrlPrefixes.Add("https://*:5050");}).UseStartup<启动>().UseApplicationInsights().建造();

I wrote a little ASP.NET Core 2 application. It runs as a service, so no IIS. It runs on a PC with Windows 7 SP1.

var host = WebHost.CreateDefaultBuilder(args)
            .UseContentRoot(pathToContentRoot)
            .UseHttpSys(options =>
            {
                options.Authentication.Schemes = AuthenticationSchemes.None;
                options.Authentication.AllowAnonymous = true;
                options.MaxConnections = null;
                options.MaxRequestBodySize = 30000000;
                options.UrlPrefixes.Add("http://*:5050");
            })
            .UseStartup<Startup>()
            .UseApplicationInsights()
            .Build();

if (isService)
{
    host.RunAsService();
}
else
{
    host.Run();
} 

As you can see, I want to listen on port 5050. This is working fine without SSL.

My question is, how can I enable https for my application? Again: No IIS, no Domain-Name (no internet connection). Communication is just inside the internal network, so I want to use a self-signed certificate.

I read the documentation (HTTP.sys documentation;Netsh Commands;New-SelfSignedCertificate), but there is always something different to my situation (they use Krestel, or it is for using IIS). Also, I dont know how to get the App-ID (needed for netsh) for my Application. I tryed this: StackOverflow Get GUID but it doesn't work.

var assembly = typeof(Program).Assembly;

// following line produces: System.IndexOutOfRangeException
var attribute = (GuidAttribute)assembly.GetCustomAttributes(typeof(GuidAttribute), true)[0];

var id = attribute.Value;
Console.WriteLine(id);

So I am a bit confused about all the possabilitys and different configurations. And the docs don't consider my specific case.

I created a certificate, and I guess I need to store it on the "my" Store. (Where is that? cert:LocalMachineMy) And then I need to assign my Applicaion ID and Port to it.

But I have no idea how to do that exactly. Can anyone help?

解决方案

So I solve the problem in the following way:

First, if you want to know your own GUID, you will get it with the following code:

var id = typeof(RuntimeEnvironment).GetTypeInfo().Assembly.GetCustomAttribute<GuidAttribute>().Value;

Create a SelfSigned Certificate

Now create a SelfSigned-Certificate (Skip this if you already got one, or purchased one)

  1. Run the following OpenSSL command to generate your private key and public certificate. Answer the questions and enter the Common Name when prompted.

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

  1. Combine your key and certificate in a PKCS#12 (P12) bundle:

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

Install the certificate on the client:

For Windows 8 and higher:

Add Certificate to Windows Cert Store with PowerShell

PS C:> $certpwd = ConvertTo-SecureString -String "passwort" -Force –AsPlainText

PS C:> Import-PfxCertificate –FilePath D:datacertcertificate.p12 cert:localMachinemy -Password $certpwd

Get Fingerprint (Hash) of certificate

PS C:WINDOWSsystem32> dir Cert:LocalMachinemy

Install certificate (replace Hash, IP and Port with your values)

PS C:WINDOWSsystem32> $guid = [guid]::NewGuid()

PS C:WINDOWSsystem32> $certHash = "A1D...B672E"

PS C:WINDOWSsystem32> $ip = "0.0.0.0"

PS C:WINDOWSsystem32> $port = "5050"

PS C:WINDOWSsystem32> "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh

You are done.

For Windows 7

Add Certificate to Windows Cert Store (note: use .pem file for this operation, because .p12 file seems to be not supported from certutil)

.certutil.exe -addstore -enterprise -f "Root" C:lwecertcertificate.pem

If his line throws the following error:

SSL Certificate add failed, Error 1312 A specified logon session does not exist. It may already have been terminated.

You have to do the steps manually (please insert the .p12 file when doing it manually, not .pem) :

Run mmc.exe

  • Go to File-> Add/Remove Snap-In

  • Choose the Certificates snap-in.

  • Select Computer Account

  • Navigate to: Certificates (Local Computer)PersonalCertificates

  • Right click the Certificates folder and choose All Tasks -> Import.

  • Follow the wizard instructions to select the certificate. Be sure you check the export checkbox during wizard.

To get the hash of yor certificate, run the Internet Explorer, press Alt + X and go to Internet Options -> Content -> Certificates. Search your certificate and read the hash.

Now you can run the same commands as for Windows 8+:

Install certificate (replace Hash, IP and Port with your values)

PS C:WINDOWSsystem32> $guid = [guid]::NewGuid()

PS C:WINDOWSsystem32> $certHash = "A1D...B672E"

PS C:WINDOWSsystem32> $ip = "0.0.0.0"

PS C:WINDOWSsystem32> $port = "5050"

PS C:WINDOWSsystem32> "http add sslcert ipport=$($ip):$port certhash=$certHash appid={$guid}" | netsh

Edit your Code

After all, you have to set the UrlPrefixes to https. So in your Program.cs file you need to have:

var host = WebHost.CreateDefaultBuilder(args)
            .UseContentRoot(pathToContentRoot)
            .UseHttpSys(options =>
            {
                options.Authentication.Schemes = AuthenticationSchemes.None;
                options.Authentication.AllowAnonymous = true;
                options.MaxConnections = null;
                options.MaxRequestBodySize = 30000000;
                options.UrlPrefixes.Add("https://*:5050");
            })
            .UseStartup<Startup>()
            .UseApplicationInsights()
            .Build();

这篇关于如何使用自托管 ASP.NET Core 2 应用程序 (httpsys) 进行 HTTPS (SSL)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本文标题为:如何使用自托管 ASP.NET Core 2 应用程序 (httpsys) 进行 HTTPS (SSL)

基础教程推荐