IdentityServer3 从客户端请求上下文传递 Request.ClientCertificate
IdentityServer3 pass Request.ClientCertificate from client request context
我有以下配置:一些 Web 应用程序托管在 iis 上,设置了 "Require SSL" 参数。我还有基于 IdentityServer3 的身份验证服务。
我需要在身份验证流程中将 Request.ClientCertificate.SerialNumber 从我的 Web 应用程序传递到 IdentityServer。
这是我的客户端配置的一部分:
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = n =>
{
// if signing in, send certificate parameters
if(n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
{
// here i would like to get client certificate
var req = n.OwinContext.Request;
// and pass it's serial number to IdentityServer someway
n.ProtocolMessage.AcrValues = req.ClientCertificate.SerialNumber
}
return Task.FromResult(0);
},
}
可能吗?如何获取当前请求的 ClientCertificate?
终于,我成功了:
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = n =>
{
// if signing in, send certificate parameters
if(n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
{
var RequestContext = n.OwinContext.Environment["System.Web.Routing.RequestContext"] as System.Web.Routing.RequestContext;
if (RequestContext != null)
{
var clientCert = RequestContext.HttpContext.Request.ClientCertificate;
// if client authenticated with certificate then extract certificate info and pass it to identity server
if (!string.IsNullOrEmpty(clientCert.SerialNumber))
{
var sn = clientCert.SerialNumber.Replace("-", "");
// Acr on IdentityServer side explodes by spaces. To prevent splitting values with spaces made some replaces
n.ProtocolMessage.AcrValues = "cert:" + sn + " " + clientCert.Subject.Replace(" ","_*_").Replace(",_*_"," ");
}
}
}
return Task.FromResult(0);
},
}
我有以下配置:一些 Web 应用程序托管在 iis 上,设置了 "Require SSL" 参数。我还有基于 IdentityServer3 的身份验证服务。
我需要在身份验证流程中将 Request.ClientCertificate.SerialNumber 从我的 Web 应用程序传递到 IdentityServer。
这是我的客户端配置的一部分:
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = n =>
{
// if signing in, send certificate parameters
if(n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
{
// here i would like to get client certificate
var req = n.OwinContext.Request;
// and pass it's serial number to IdentityServer someway
n.ProtocolMessage.AcrValues = req.ClientCertificate.SerialNumber
}
return Task.FromResult(0);
},
}
可能吗?如何获取当前请求的 ClientCertificate?
终于,我成功了:
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = n =>
{
// if signing in, send certificate parameters
if(n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
{
var RequestContext = n.OwinContext.Environment["System.Web.Routing.RequestContext"] as System.Web.Routing.RequestContext;
if (RequestContext != null)
{
var clientCert = RequestContext.HttpContext.Request.ClientCertificate;
// if client authenticated with certificate then extract certificate info and pass it to identity server
if (!string.IsNullOrEmpty(clientCert.SerialNumber))
{
var sn = clientCert.SerialNumber.Replace("-", "");
// Acr on IdentityServer side explodes by spaces. To prevent splitting values with spaces made some replaces
n.ProtocolMessage.AcrValues = "cert:" + sn + " " + clientCert.Subject.Replace(" ","_*_").Replace(",_*_"," ");
}
}
}
return Task.FromResult(0);
},
}