个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
25
4
我编写了以下 azure 函数..(问题的快速和简短版本)
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Azure.WebJobs.Host;
namespace GranadaCoder.AzurePoc.AzureFunctionsOne
{
public static class ClientCertificateTest
{
[FunctionName("ClientCertificateTestFunctionName")]
public static async Task<HttpResponseMessage> Run([HttpTrigger(AuthorizationLevel.Function, "post", Route = null)]HttpRequestMessage req, TraceWriter log)
{
try
{
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = req.GetClientCertificate();
X509Certificate2 headerCert = null;
System.Net.Http.Headers.HttpRequestHeaders headers = req.Headers;
if (headers.Any(x => x.Key.Equals("X-ARR-ClientCert", StringComparison.OrdinalIgnoreCase)))
{
IEnumerable<string> headerValues = headers.GetValues("X-ARR-ClientCert");
if (null != headerValues)
{
var certHeader = headerValues.FirstOrDefault();
byte[] clientCertBytes = Convert.FromBase64String(certHeader);
headerCert = new X509Certificate2(clientCertBytes);
}
}
string msg = (null == cert ? "NO CERT :(" : string.Format("We got a cert! '{0}'", cert.Subject)) + " " + (null == headerCert ? "NO headerCert :(" : string.Format("We got a headerCert! '{0}'", headerCert.Subject));
HttpContent content = req.Content;
string contentString = content.ReadAsStringAsync().Result;
msg += String.IsNullOrEmpty(contentString) ? ", no content" : ", " + contentString;
return req.CreateResponse(HttpStatusCode.OK, msg);
}
catch (Exception ex)
{
string errorMsg = ex.Message; // ExceptionHelper.GenerateFullFlatMessage(ex);
log.Error(errorMsg);
return req.CreateResponse(HttpStatusCode.BadRequest, errorMsg);
}
}
}
}
我编写了以下“客户端”代码。
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
namespace GranadaCoder.SendWebRequests.ConsoleOne
{
class Program
{
static void Main(string[] args)
{
try
{
Console.WriteLine("START : {0}", System.Diagnostics.Process.GetCurrentProcess().ProcessName);
X509Certificate2 clientCert = GetClientCertificate("MySelfSignedCertificatePrivateKeyVersion");
WebRequestHandler requestHandler = new WebRequestHandler();
requestHandler.ClientCertificates.Add(clientCert);
HttpClient client = new HttpClient(requestHandler)
{
BaseAddress = new Uri("http://localhost:7071/")
};
var pairs = new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("login", "abc")
};
var postContent = new FormUrlEncodedContent(pairs);
HttpResponseMessage hrm = client.PostAsync("api/ClientCertificateTestFunctionName", postContent).Result;
hrm.EnsureSuccessStatusCode();
if (hrm.IsSuccessStatusCode)
{
}
HttpContent content = hrm.Content;
string contentString = content.ReadAsStringAsync().Result;
Console.WriteLine(hrm);
Console.WriteLine(contentString);
}
catch(Exception ex)
{
string errorMsg = GenerateFullFlatMessage(ex, true);
Console.WriteLine(errorMsg);
}
Console.WriteLine("END : {0}", System.Diagnostics.Process.GetCurrentProcess().ProcessName);
Console.WriteLine(string.Empty);
Console.WriteLine("Press ENTER to exit");
Console.ReadLine();
}
private static X509Certificate2 GetClientCertificate(string subjectName)
{
X509Store userCaStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
try
{
userCaStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certificatesInStore = userCaStore.Certificates;
X509Certificate2Collection findResult = certificatesInStore.Find(X509FindType.FindBySubjectName, subjectName, true);
X509Certificate2 clientCertificate = null;
if (findResult.Count == 1)
{
clientCertificate = findResult[0];
}
else
{
throw new Exception("Unable to locate the correct client certificate.");
}
return clientCertificate;
}
catch
{
throw;
}
finally
{
userCaStore.Close();
}
}
private static string GenerateFullFlatMessage(Exception ex, bool showStackTrace)
{
string returnValue;
StringBuilder sb = new StringBuilder();
Exception nestedEx = ex;
while (nestedEx != null)
{
if (!string.IsNullOrEmpty(nestedEx.Message))
{
sb.Append(nestedEx.Message + System.Environment.NewLine);
}
if (showStackTrace && !string.IsNullOrEmpty(nestedEx.StackTrace))
{
sb.Append(nestedEx.StackTrace + System.Environment.NewLine);
}
nestedEx = nestedEx.InnerException;
}
returnValue = sb.ToString();
return returnValue;
}
}
}
客户端代码正确获取证书。 MySelfSignedCertificatePrivateKeyVersion 是自签名的,它具有私钥。签署此自签名证书的 CA 位于我的信任根颁发机构中。
Azure Function 看不到客户端证书。
我的客户回复是:
“无 CERT :(,login=abc”
为什么 HttpRequestMessage.GetClientCertificate() 失败?
我知道有些东西正在工作,因为我在 azure 函数和响应上看到了“abc”。
请注意,我正在 Visual Studio 2017 中以 Debug模式运行我的 azure 函数。
附加:
根据 Tom-Sun 的回答,当该函数存在于 azure 中时,我能够使其工作。
这是我稍微修改过的客户端代码。
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
namespace GranadaCoder.SendWebRequests.ConsoleOne
{
class Program
{
static void Main(string[] args)
{
try
{
////ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
/////////* Use the below to debug failed verification. */
////////ServicePointManager.ServerCertificateValidationCallback =
//////// new System.Net.Security.RemoteCertificateValidationCallback((
//////// sender,
//////// cert,
//////// chain,
//////// ssl) =>
////////{
//////// Console.WriteLine("ServerCertificateValidationCallback for Cert.Subject : '{0}'", cert.Subject);
//////// System.Net.HttpWebRequest hwr = sender as System.Net.HttpWebRequest;
//////// if (null != hwr)
//////// {
//////// SecurityShower.ShowHttpWebRequest(hwr);
//////// }
//////// //SecurityShower.ShowCertAndChain(cert, chain);
//////// return true;
////////});
Console.WriteLine("START : {0}", System.Diagnostics.Process.GetCurrentProcess().ProcessName);
/* the kind of cert matters this one works, this kind of certificate worked
X509Extension.X509KeyUsageExtension.KeyUsages = 'CrlSign, KeyCertSign' */
string thumbPrint = "0123456789012345678901234567890123456789";
/* certicate that would not work */
/*X509Extension.X509KeyUsageExtension.KeyUsages = 'KeyEncipherment, DigitalSignature' */
//thumbPrint = "1234567890123456789012345678901234567890";
X509Certificate2 clientCert = GetClientCertificate(thumbPrint);
WebRequestHandler requestHandler = new WebRequestHandler();
requestHandler.ClientCertificates.Add(clientCert);
/* local not working */
string baseUrl = "http://localhost:7071/";
string suffixUrl = "api/ClientCertificateTestFunctionName";
/* remote (azure published */
baseUrl = "https://yourFunctionNameHere.azurewebsites.net/";
suffixUrl = "api/ClientCertificateTestFunctionName";
/* some vodoo to create the queryString, the "code" value is gotten via the azure-portal "Get function URL" while on the properties page of the azure function... NOTE, I had to get this value before I change clientCertEnabled to true (aka, when it was clientCertEnabled was false) after I changed clientCertEnabled to true, the "extra" querystring of the azure function was not showing */
var builder = new UriBuilder("http://www.wontactuallybeused.com");
builder.Port = -1;
var query = System.Web.HttpUtility.ParseQueryString(builder.Query);
query["code"] = "NotForYouToSee0123456789012345678901234567890123456789==";
builder.Query = query.ToString();
string url = builder.ToString();
suffixUrl += builder.Query;
HttpClient client = new HttpClient(requestHandler)
{
BaseAddress = new Uri(baseUrl)
};
var pairs = new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("login", "abc")
};
var postContent = new FormUrlEncodedContent(pairs);
HttpResponseMessage hrm = client.PostAsync(suffixUrl, postContent).Result;
//hrm.EnsureSuccessStatusCode();
if (hrm.IsSuccessStatusCode)
{
}
HttpContent content = hrm.Content;
string contentString = content.ReadAsStringAsync().Result;
Console.WriteLine(hrm);
Console.WriteLine(contentString);
}
catch(Exception ex)
{
string errorMsg = GenerateFullFlatMessage(ex, true);
Console.WriteLine(errorMsg);
}
Console.WriteLine("END : {0}", System.Diagnostics.Process.GetCurrentProcess().ProcessName);
Console.WriteLine(string.Empty);
Console.WriteLine("Press ENTER to exit");
Console.ReadLine();
}
private static X509Certificate2 GetClientCertificate(string thumbprintValue)
{
thumbprintValue = System.Text.RegularExpressions.Regex.Replace(thumbprintValue, @"[^\da-zA-z]", string.Empty).ToUpper();
X509Store userCaStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
try
{
userCaStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certificatesInStore = userCaStore.Certificates;
X509Certificate2Collection findResult = certificatesInStore.Find(X509FindType.FindByThumbprint, thumbprintValue, true);
X509Certificate2 clientCertificate = null;
if (findResult.Count == 1)
{
clientCertificate = findResult[0];
}
else
{
throw new Exception("Unable to locate the correct client certificate.");
}
return clientCertificate;
}
catch
{
throw;
}
finally
{
userCaStore.Close();
}
}
private static string GenerateFullFlatMessage(Exception ex, bool showStackTrace)
{
string returnValue;
StringBuilder sb = new StringBuilder();
Exception nestedEx = ex;
while (nestedEx != null)
{
if (!string.IsNullOrEmpty(nestedEx.Message))
{
sb.Append(nestedEx.Message + System.Environment.NewLine);
}
if (showStackTrace && !string.IsNullOrEmpty(nestedEx.StackTrace))
{
sb.Append(nestedEx.StackTrace + System.Environment.NewLine);
}
nestedEx = nestedEx.InnerException;
}
returnValue = sb.ToString();
return returnValue;
}
}
}
和一个可选的助手
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace MyNamespace
{
public static class SecurityShower
{
public static void ShowHttpWebRequest(System.Net.HttpWebRequest hwr)
{
StringBuilder sb = new StringBuilder();
if (null != hwr)
{
sb.Append("-----------------------------------------------HttpWebRequest" + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.Address.AbsolutePath='{0}'", hwr.Address.AbsolutePath) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.Address.AbsoluteUri='{0}'", hwr.Address.AbsoluteUri) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.Address='{0}'", hwr.Address) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.RequestUri.AbsolutePath='{0}'", hwr.RequestUri.AbsolutePath) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.RequestUri.AbsoluteUri='{0}'", hwr.RequestUri.AbsoluteUri) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.RequestUri='{0}'", hwr.RequestUri) + System.Environment.NewLine);
foreach (X509Certificate cert in hwr.ClientCertificates)
{
sb.Append("START*************************************************");
ShowX509Certificate(sb, cert);
sb.Append("END*************************************************");
}
}
string result = sb.ToString();
Console.WriteLine(result);
}
public static void ShowCertAndChain(X509Certificate2 cert)
{
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
////chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreCtlSignerRevocationUnknown &&
////X509VerificationFlags.IgnoreRootRevocationUnknown &&
////X509VerificationFlags.IgnoreEndRevocationUnknown &&
////X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown &&
////X509VerificationFlags.IgnoreCtlNotTimeValid;
chain.Build(cert);
ShowCertAndChain(cert, chain);
}
public static void ShowCertAndChain(X509Certificate cert, X509Chain chain)
{
StringBuilder sb = new StringBuilder();
if (null != cert)
{
ShowX509Certificate(sb, cert);
}
if (null != chain)
{
sb.Append("-X509Chain(Start)-" + System.Environment.NewLine);
////sb.Append(string.Format("Cert.ChainStatus='{0}'", string.Join(",", chain.ChainStatus.ToList())) + System.Environment.NewLine);
foreach (X509ChainStatus cstat in chain.ChainStatus)
{
sb.Append(string.Format("X509ChainStatus::'{0}'-'{1}'", cstat.Status.ToString(), cstat.StatusInformation) + System.Environment.NewLine);
}
X509ChainElementCollection ces = chain.ChainElements;
ShowX509ChainElementCollection(sb, ces);
sb.Append("-X509Chain(End)-" + System.Environment.NewLine);
}
string result = sb.ToString();
Console.WriteLine(result);
}
private static void ShowX509Extension(StringBuilder sb, int x509ExtensionCount, X509Extension ext)
{
sb.Append(string.Empty + System.Environment.NewLine);
sb.Append(string.Format("--------X509ExtensionNumber(Start):{0}", x509ExtensionCount) + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.Critical='{0}'", ext.Critical) + System.Environment.NewLine);
AsnEncodedData asndata = new AsnEncodedData(ext.Oid, ext.RawData);
sb.Append(string.Format("Extension type: {0}", ext.Oid.FriendlyName) + System.Environment.NewLine);
sb.Append(string.Format("Oid value: {0}", asndata.Oid.Value) + System.Environment.NewLine);
sb.Append(string.Format("Raw data length: {0} {1}", asndata.RawData.Length, Environment.NewLine) + System.Environment.NewLine);
sb.Append(asndata.Format(true) + System.Environment.NewLine);
X509BasicConstraintsExtension basicEx = ext as X509BasicConstraintsExtension;
if (null != basicEx)
{
sb.Append("-X509BasicConstraintsExtension-" + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509BasicConstraintsExtension.CertificateAuthority='{0}'", basicEx.CertificateAuthority) + System.Environment.NewLine);
}
X509EnhancedKeyUsageExtension keyEx = ext as X509EnhancedKeyUsageExtension;
if (null != keyEx)
{
sb.Append("-X509EnhancedKeyUsageExtension-" + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509EnhancedKeyUsageExtension.EnhancedKeyUsages='{0}'", keyEx.EnhancedKeyUsages) + System.Environment.NewLine);
foreach (Oid oi in keyEx.EnhancedKeyUsages)
{
sb.Append(string.Format("------------EnhancedKeyUsages.Oid.FriendlyName='{0}'", oi.FriendlyName) + System.Environment.NewLine);
sb.Append(string.Format("------------EnhancedKeyUsages.Oid.Value='{0}'", oi.Value) + System.Environment.NewLine);
}
}
X509KeyUsageExtension usageEx = ext as X509KeyUsageExtension;
if (null != usageEx)
{
sb.Append("-X509KeyUsageExtension-" + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509KeyUsageExtension.KeyUsages='{0}'", usageEx.KeyUsages) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.CrlSign='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.CrlSign) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DataEncipherment='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.DataEncipherment) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DecipherOnly='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.DecipherOnly) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DigitalSignature='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.EncipherOnly='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.EncipherOnly) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyAgreement='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyAgreement) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyCertSign='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyCertSign) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyEncipherment='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyEncipherment) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.None='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.None) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.NonRepudiation='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0) + System.Environment.NewLine);
}
X509SubjectKeyIdentifierExtension skIdEx = ext as X509SubjectKeyIdentifierExtension;
if (null != skIdEx)
{
sb.Append("-X509SubjectKeyIdentifierExtension-" + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509SubjectKeyIdentifierExtension.Oid='{0}'", skIdEx.Oid) + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509SubjectKeyIdentifierExtension.SubjectKeyIdentifier='{0}'", skIdEx.SubjectKeyIdentifier) + System.Environment.NewLine);
}
sb.Append(string.Format("--------X509ExtensionNumber(End):{0}", x509ExtensionCount) + System.Environment.NewLine);
}
private static void ShowX509Extensions(StringBuilder sb, string cert2SubjectName, X509ExtensionCollection extColl)
{
int x509ExtensionCount = 0;
sb.Append(string.Format("--------ShowX509Extensions(Start):for:{0}", cert2SubjectName) + System.Environment.NewLine);
foreach (X509Extension ext in extColl)
{
ShowX509Extension(sb, ++x509ExtensionCount, ext);
}
sb.Append(string.Format("--------ShowX509Extensions(End):for:{0}", cert2SubjectName) + System.Environment.NewLine);
}
private static void ShowX509Certificate2(StringBuilder sb, X509Certificate2 cert2)
{
if (null != cert2)
{
sb.Append(string.Format("X509Certificate2.SubjectName.Name='{0}'", cert2.SubjectName.Name) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.Subject='{0}'", cert2.Subject) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.Thumbprint='{0}'", cert2.Thumbprint) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.HasPrivateKey='{0}'", cert2.HasPrivateKey) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.Version='{0}'", cert2.Version) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.NotBefore='{0}'", cert2.NotBefore) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.NotAfter='{0}'", cert2.NotAfter) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.PublicKey.Key.KeySize='{0}'", cert2.PublicKey.Key.KeySize) + System.Environment.NewLine);
////List<X509KeyUsageExtension> keyUsageExtensions = cert2.Extensions.OfType<X509KeyUsageExtension>().ToList();
////List<X509Extension> extensions = cert2.Extensions.OfType<X509Extension>().ToList();
ShowX509Extensions(sb, cert2.Subject, cert2.Extensions);
}
}
private static void ShowX509ChainElementCollection(StringBuilder sb, X509ChainElementCollection ces)
{
int x509ChainElementCount = 0;
foreach (X509ChainElement ce in ces)
{
sb.Append(string.Empty + System.Environment.NewLine);
sb.Append(string.Format("----X509ChainElementNumber:{0}", ++x509ChainElementCount) + System.Environment.NewLine);
sb.Append(string.Format("X509ChainElement.Cert.SubjectName.Name='{0}'", ce.Certificate.SubjectName.Name) + System.Environment.NewLine);
sb.Append(string.Format("X509ChainElement.Cert.Issuer='{0}'", ce.Certificate.Issuer) + System.Environment.NewLine);
sb.Append(string.Format("X509ChainElement.Cert.Thumbprint='{0}'", ce.Certificate.Thumbprint) + System.Environment.NewLine);
sb.Append(string.Format("X509ChainElement.Cert.HasPrivateKey='{0}'", ce.Certificate.HasPrivateKey) + System.Environment.NewLine);
X509Certificate2 cert2 = ce.Certificate as X509Certificate2;
ShowX509Certificate2(sb, cert2);
ShowX509Extensions(sb, cert2.Subject, ce.Certificate.Extensions);
}
}
private static void ShowX509Certificate(StringBuilder sb, X509Certificate cert)
{
sb.Append("-----------------------------------------------" + System.Environment.NewLine);
sb.Append(string.Format("Cert.Subject='{0}'", cert.Subject) + System.Environment.NewLine);
sb.Append(string.Format("Cert.Issuer='{0}'", cert.Issuer) + System.Environment.NewLine);
sb.Append(string.Format("Cert.GetPublicKey().Length='{0}'", cert.GetPublicKey().Length) + System.Environment.NewLine);
X509Certificate2 cert2 = cert as X509Certificate2;
ShowX509Certificate2(sb, cert2);
}
}
}
读得好
http://www.razibinrais.com/secure-web-api-with-client-certificate/
最佳答案
Why is HttpRequestMessage.GetClientCertificate() failing?
我在我这边测试你的代码。我发现,如果我在本地调试它,那么我可以在 Azure 平台上重现您提到的内容,如果我将 clientCertEnabled 更改为 true 那么它会按预期工作。更多详情请引用Configure Web App for Client Certificate Authentication 。如果有人知道如何在本地启用 clientCertEnabled,请添加评论。
To setup your web app to require client certificates you need to add the clientCertEnabled site setting for your web app and set it to true. This setting is not currently available through the management experience in the Portal, and the REST API will need to be used to accomplish this. You can use the ARMClient tool to make it easy to craft the REST API call. After you log in with the tool you will need to issue the following
ARMClient PUT subscriptions/{Subscription Id}/resourcegroups/{Resource Group Name}/providers/Microsoft.Web/sites/{Website Name}?api-version=2015-04-01 @enableclientcert.json -verbose
我将 clientCertEnabled 更改为 azure resources
使用客户端代码进行测试:
注意:目前,如果我们将 clientCertEnabled 设置为 true,则所有对 azure 函数的请求都需要认证
关于azure - HttpRequestMessage.GetClientCertificate() 不适用于 Azure 函数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46185952/
25
4
0
似乎有很多方法可以在 Azure 中自动使用 PowerShell。由于 ARM 模板是最新的,Azure 中的其他 PowerShell 选项是否已过时?这些工具/脚本之间有什么区别: Azure
我正在开发一个将托管在 Azure 中的 Web API。我想使用 Azure 诊断将错误记录到 Azure 表存储中。在经典门户中,我可以将日志配置为转到 Azure 表存储。 Classic Po
Azure 文件存储事件可以触发 Azure WebJob 或 Azure Function 吗? 例如,在文件夹“/todo/”中创建文件时。 最佳答案 我们目前没有任何 Azure 文件绑定(bi
我需要创建一个逻辑应用程序,我的要求是,我需要从 azure data Lake Gen2 文件夹迁移 json 文件,并根据某些值需要将该 json 转换为 xml,然后将其发送到 SQL。 因此,
我使用 VS Code 创建了 1 个 node.js 和 1 个 java Azure Function 当我使用 VS Code 将这两个函数部署到 Azure 时,我最终获得了这么多 Azure
收集 Azure 诊断数据时,暂存槽是否也会将诊断数据发送到 WadPerformanceCounters 表? 如果是这样,我该如何关闭它?或者在阅读诊断信息时如何区分暂存/生产。 我不想显示有关我
您好,我是 Azure 的新手。我有 VS 2012 和 Azure SDK 2.1,当我使用模拟器运行我的 Web 应用程序时一切正常。但是当我在 azure 上部署时出现错误消息: Could n
我很难区分 Azure 订阅和 Azure 租户有何不同?我尝试使用示例来弄清楚,但每次我得出的结论是它们在某种程度上是相同的?如果租户是组织在注册 Microsoft 云服务时接收并拥有的 Azur
如果我想在 Azure Insights 中设置自定义指标集合,并以(近)实时的方式可视化其中一些指标,并查看聚合的历史数据,我应该使用 Azure Metrics Explorer 还是 Azure
我想了解具有以下配置的 Azure 数据工厂 (ADF) 的现实示例/用例: Azure 集成运行时 (AIR) 默认值 自托管集成运行时(SHIR) 其他问题: 这两种配置(AIR 和 SHIR)是
请参阅下面来自 Azure 服务总线的指标。想要识别请求数量中的背景噪音|流量较低时的响应。假设振荡请求| session 中 amqp 握手的响应是潜在的。只是不明白这是什么类型的握手?从总线接收的
此问题与 Azure 事件中心和 Azure 服务总线之间的区别无关。 问题如下: 如果您将Azure Events Hub添加到您的应用程序中,那么您会注意到它依赖于Azure Service Bu
这两个事情是完全不同的,还是它们能完成的事情大致相同/相似? 最佳答案 Azure 辅助角色是“应用程序场”中您自己的一组虚拟机。您可以以分布式方式在它们上运行任何代码。通常,您编写业务代码以在这些服
我目前正在使用 Windows Azure 虚拟机来运行 RStudio, 我的虚拟机是 Windows Server R2 2012,它是 Azure 上的一项附加服务。 我还有一个 Azure 存
我们正在寻找托管一个网站(一些 css、js、一个 html 文件,但不是 aspx、一个通用处理程序)。 我们部署为: 1) Azure 网站 2) Azure 云服务 两种解决方案都有效。但有一个
我想从 Azure 表创建 blob。 AzCopy 支持此功能,但我找不到任何说明数据移动 API 也支持它的文档。此选项可用吗? https://azure.microsoft.com/en-us
This article表示 Azure 订阅所有者有权访问订阅中的所有资源。但是,要访问 Azure 数据库,必须是数据库中的用户,或者是 Azure Admin AD 组的成员。 无论 SQL 安
我尝试使用以下代码将 XML 文件上传到 Azure FTP 服务器: https://www.c-sharpcorner.com/article/upload-and-download-files-
除了 Azure 服务总线使用主题而 Azure 事件中心基于事件 - Azure 事件中心和 Azure 服务总线之间是否有任何根本区别? 对我来说,事件和消息之间没有真正的区别,因为两者只是不同类
我有一个通过虚拟网络网关连接到 Azure 虚拟网络的 Windows VPN 客户端。目标#1 是使用其内部 IP 地址连接到我的虚拟机。这有效。 第二个目标是使用其内部计算机名称进行连接(因为 I
我是一名优秀的程序员,十分优秀!