Connecting to a web service over SSL using a certificate file

Posted on 2024-12-25 04:03:56 · 210 words · 2 views · 0 comments

I am developing a Windows service in C# which invokes web service methods. I must use SSL to connect to the web service. I have received from the publisher a p12 file with a certificate. The file is password protected. I use the Import method to use this certificate. Everything is working fine, but I do not like this method - I have the password hardcoded in my app. When the publisher changes the certificate I must rewrite code (changing the password to the new one). Is there any way not to hardcode the password to the .p12 file or use another option (.cer file)?

白芷 2025-01-01 04:03:56

What you could do is something like this:

  1. Install the SSL certificate into your local machine certificate store (using the Microsoft Management Console "MMC")
  2. Extract the certificate's thumbprint (e.g. "748681ca3646ccc7c4facb7360a0e3baa0894cb5")
  3. Use a function which fetches you the certificate from the local certificate store for the given thumbprint.
  4. Provide the SSL certificate when calling your web service.

using System;
using System.Globalization;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Log is the application's own logger; its declaration is not shown in the answer.
private static X509Certificate2 GetCertificateByThumbprint(string certificateThumbPrint, StoreLocation certificateStoreLocation) {
    X509Certificate2 certificate = null;

    // X509Store(StoreLocation) opens the "My" (Personal) store at that location.
    X509Store certificateStore = new X509Store(certificateStoreLocation);
    certificateStore.Open(OpenFlags.ReadOnly);
    try
    {
        X509Certificate2Collection certCollection = certificateStore.Certificates;
        foreach (X509Certificate2 cert in certCollection)
        {
            if (cert.Thumbprint != null && cert.Thumbprint.Equals(certificateThumbPrint, StringComparison.OrdinalIgnoreCase))
            {
                certificate = cert;
                break;
            }
        }
    }
    finally
    {
        // Release the store handle once the lookup is done.
        certificateStore.Close();
    }

    if (certificate == null)
    {
        Log.ErrorFormat(CultureInfo.InvariantCulture, "Certificate with thumbprint {0} not found", certificateThumbPrint);
    }

    return certificate;
}

public string GetServiceResponse() {
    string WebSvcEndpointConfigurationName = "WebServiceEndpoint";
    // A client certificate is presented during the TLS handshake, so the endpoint must be https.
    Uri webSvcEndpointAddress = new Uri("https://www.example.com/YourWebService.svc");
    string webSvcCertificateThumbPrint = "748681ca3646ccc7c4facb7360a0e3baa0894cb5";

    string webSvcResponse = null;
    SomeWebServiceClient webServiceClient = null;

    try
    {
        webServiceClient = new SomeWebServiceClient(WebSvcEndpointConfigurationName, new EndpointAddress(webSvcEndpointAddress));
        webServiceClient.ClientCredentials.ClientCertificate.Certificate = GetCertificateByThumbprint(webSvcCertificateThumbPrint, StoreLocation.LocalMachine);

        webSvcResponse = webServiceClient.GetServiceResponse();
        webServiceClient.Close();
    }
    catch (Exception ex)
    {
        // Log the failure instead of swallowing it. Close() throws on a faulted
        // channel, so abort the client here.
        Log.ErrorFormat(CultureInfo.InvariantCulture, "Web service call failed: {0}", ex);
        if (webServiceClient != null)
        {
            webServiceClient.Abort();
        }
    }
    return webSvcResponse;
}

善良天后 2025-01-01 04:03:56

A PKCS#12 file is provided to you as it is a natural way to transport certificates together with private keys. You can use one of the following:

  • convert it to a format you like and store it the way you like
  • convert it to a passwordless PFX
  • import it to the computer's certificate storage and use it this way

But all those methods (together with keeping a hardcoded password) provide no real protection to the private key and thus are not usable if you distribute the application outside of your organization.
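
A variant of the store lookup from the first answer, as an added example that is not part of either answer: the thumbprint is read from configuration instead of source code, so a renewed certificate means a configuration change rather than a rebuild, and a missing key or expired certificate is reported explicitly. The class name and the `ClientCertThumbprint` appSettings key are hypothetical.

```csharp
using System;
using System.Configuration;   // requires a reference to System.Configuration.dll
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertificateLocator
{
    // "ClientCertThumbprint" is a hypothetical appSettings key, not from the page.
    public static X509Certificate2 LoadFromConfig()
    {
        return LoadByThumbprint(ConfigurationManager.AppSettings["ClientCertThumbprint"]);
    }

    public static X509Certificate2 LoadByThumbprint(string configuredThumbprint)
    {
        // Thumbprints pasted from the MMC dialog often carry spaces and an
        // invisible U+200E mark; keep only the hex digits.
        string thumbprint = new string((configuredThumbprint ?? "").Where(Uri.IsHexDigit).ToArray());
        if (thumbprint.Length != 40)
            throw new ConfigurationErrorsException("Thumbprint must be 40 hex characters (SHA-1).");

        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly: false, so an expired or untrusted certificate is reported
            // explicitly below instead of looking like "not found".
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No certificate " + thumbprint + " in LocalMachine\\My.");

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; import the .p12, not a .cer.");
            DateTime now = DateTime.Now;   // NotBefore/NotAfter are in local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period (NotAfter " + cert.NotAfter.ToString("u") + ").");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }
}
```

`HasPrivateKey` only shows that a key is associated with the certificate; the account the Windows service runs under still needs read access to that key.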
