如何使用 ASP.NET 从个人存储加载客户端证书?
如何使用 ASP.NET 从个人存储加载客户端证书?
如果可能的话,我可以用它加密数据吗?
为此,我在 ASP.NET 2.0 中创建了一个应用程序,该应用程序检索客户端证书存储(个人)中安装的所有证书,以使用它创建数字签名。
但它不起作用,我不知道问题是什么
// ...
using System.Security.Cryptography.X509Certificates;
namespace WebApplication4
{
public partial class _Default : System.Web.UI.Page
{
public static string ToHexString(byte[] bytes)
{
// ...
}
protected void btnSignature_Click(object sender, EventArgs e)
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly);
X509Certificate2Collection certificates = store.Certificates;
int a = certificates.Count;
lbCertCount.Text = System.Convert.ToString(a);
if (a > 0)
{
X509Certificate2 certificate = certificates[1];
string publicKey = certificate.GetPublicKeyString();
lbMypublicKey.Text = publicKey + "<br/>";
// AsymmetricAlgorithm privateKey = certificate.PrivateKey;
RSACryptoServiceProvider privateKey = certificate.PrivateKey as RSACryptoServiceProvider;
// test message
byte[] buffer = Encoding.Default.GetBytes("Welcome");
byte[] signature = privateKey.SignData(buffer, new SHA1Managed());
string me = ToHexString(signature);
lbSignature.Text = me;
RSACryptoServiceProvider publicKey1 = certificate.PublicKey.Key as RSACryptoServiceProvider;
bool verify = publicKey1.VerifyData(buffer, new SHA1Managed(), signature);
if (verify == true)
{
lbControl.Text = "Signature valid";
}
else
{
lbControl.Text = "Signature not Valid";
}
}
}
}
}
How can I load client certificates from personal store using ASP.NET?
If it is possible, can I a crypt data with it?
For that I created an application in ASP.NET 2.0 that retrieves all certificates installed in the client certificate store (personal) to create with it a digital signature.
but it does not work , and I don’t know what is the problem
// ...
using System.Security.Cryptography.X509Certificates;
namespace WebApplication4
{
public partial class _Default : System.Web.UI.Page
{
public static string ToHexString(byte[] bytes)
{
// ...
}
protected void btnSignature_Click(object sender, EventArgs e)
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly);
X509Certificate2Collection certificates = store.Certificates;
int a = certificates.Count;
lbCertCount.Text = System.Convert.ToString(a);
if (a > 0)
{
X509Certificate2 certificate = certificates[1];
string publicKey = certificate.GetPublicKeyString();
lbMypublicKey.Text = publicKey + "<br/>";
// AsymmetricAlgorithm privateKey = certificate.PrivateKey;
RSACryptoServiceProvider privateKey = certificate.PrivateKey as RSACryptoServiceProvider;
// test message
byte[] buffer = Encoding.Default.GetBytes("Welcome");
byte[] signature = privateKey.SignData(buffer, new SHA1Managed());
string me = ToHexString(signature);
lbSignature.Text = me;
RSACryptoServiceProvider publicKey1 = certificate.PublicKey.Key as RSACryptoServiceProvider;
bool verify = publicKey1.VerifyData(buffer, new SHA1Managed(), signature);
if (verify == true)
{
lbControl.Text = "Signature valid";
}
else
{
lbControl.Text = "Signature not Valid";
}
}
}
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
对于所有 Google 员工:
将此添加到您的
Web.Config中:有关详细信息,请参阅 msdn 关于模拟。
For all Googlers:
Add this to your
Web.Config:For more information, see msdn on impersonation.
我猜您已经开发出了这个 ASP.NET 应用程序。作为测试工具,实际上您并不打算编写访问个人证书的生产应用程序。存储在网络服务器上?我根本没有研究或测试你的代码,但我会首先检查安全权限。我预计运行 ASP.Net 工作进程的帐户无权访问个人证书。店铺。
I'm guessing you have knocked up this ASP.NET app. as a test harness and it is not actually your intention to write a production application that accesses the personal cert. store on a web server? I haven't studied or tested your code at all but I would check security priviledges in the first instance. I expect the account under which the ASP.Net worker process is running does not have access to the personal cert. store.