[Azure App Service] .NET code experiment: reading the TLS/SSL certificate in an App Service app (App Service Linux / Linux Container)
Source: cnblogs  Author: 路边两盏灯  Date: 2024/6/1 9:26:19

 

In the previous article we deployed the .NET 8 sample that reads an SSL certificate (X509) to App Service on Windows. What changes when the same application is deployed to the Linux environment, or to a Linux Container?

The first approach from that article, shipping the certificate file with the source and reading it by relative path, was tested and works unchanged on Linux.

The second approach, finding the certificate by thumbprint in the system certificate store, does not work on Linux: a lookup through X509Store(StoreName.My, StoreLocation.CurrentUser) does not find the certificate that was uploaded in the portal.

Testing shows that after a certificate is uploaded on the Certificates page of App Service Linux (including Linux Container), the platform saves it as a file under /var/ssl/. You can confirm this over SSH:

  1. Open the App Service Kudu (Advanced Tools) page: https://<yourwebappname>.scm.chinacloudsites.cn/webssh/host (this is the Azure China host suffix; on global Azure the Kudu host is <yourwebappname>.scm.azurewebsites.net)
  2. In the SSH session, change to the private certificate directory with cd /var/ssl/private and list the files with ls -l; each uploaded private certificate appears as <THUMBPRINT>.p12

 

The .NET 8 code that correctly reads a private certificate (.pfx) on Linux:

```csharp
public static string FindPfxByThumbprintInLinux(string thumbprint)
{
    // App Service Linux stores each uploaded private certificate as /var/ssl/private/<THUMBPRINT>.p12
    // with no password. The thumbprint is checked to be hex before it is used in the path, so a
    // caller-supplied value cannot turn it into something like /var/ssl/private/../../etc/passwd.
    if (string.IsNullOrEmpty(thumbprint) || !thumbprint.All(Uri.IsHexDigit))
        return $"Certificate with thumbprint '{thumbprint}' was not found";
    string finalPath = $"/var/ssl/private/{thumbprint}.p12";
    if (!File.Exists(finalPath))
        return $"Certificate with thumbprint {thumbprint} was not found at {finalPath}";
    var bytes2 = File.ReadAllBytes(finalPath);
    var cert = new X509Certificate2(bytes2);
    return cert.ToString();
}
```

Notes:

  • The WEBSITE_LOAD_CERTIFICATES app setting is mandatory (set it to the thumbprint(s) to load, or * for all uploaded certificates).
  • After adding a certificate in the portal, restart the site and wait for the file to appear on the instance (it usually takes about 15 minutes before <thumbprint>.p12 shows up in the directory).
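A complete, cross-platform version of this lookup, added here as an example (it is not code from the original post): it tries the certificate store first, which is what works on App Service Windows, then falls back to the /var/ssl/private/<THUMBPRINT>.p12 file described above, validates the thumbprint before it is used as a path component, and checks that the file really contains the requested certificate together with its private key. The APP_CERT_DIR environment variable is a hypothetical override introduced here so the code can be exercised outside App Service.

```csharp
// Added example (not from the original post). Cross-platform thumbprint lookup for App Service:
// certificate store first (App Service Windows), then the /var/ssl/private/<THUMBPRINT>.p12
// file that App Service Linux writes. APP_CERT_DIR is an assumed, hypothetical override for local runs.
using System;
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

static class AppServiceCertificates
{
    // A SHA-1 thumbprint is exactly 40 hex digits. Validating it here keeps a caller-supplied
    // value (e.g. from a route parameter) from becoming a path component such as "../../etc/passwd".
    static readonly Regex Sha1Thumbprint = new("^[0-9A-Fa-f]{40}$", RegexOptions.Compiled);

    public static X509Certificate2 Load(string thumbprint)
    {
        if (thumbprint is null || !Sha1Thumbprint.IsMatch(thumbprint))
            throw new ArgumentException("thumbprint must be 40 hex characters", nameof(thumbprint));
        thumbprint = thumbprint.ToUpperInvariant();

        // 1. Certificate store: App Service Windows loads the certificates named in
        //    WEBSITE_LOAD_CERTIFICATES into CurrentUser\My. On App Service Linux this finds nothing.
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            var fromStore = store.Certificates
                .Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false)
                .OfType<X509Certificate2>()
                .FirstOrDefault();
            if (fromStore is not null)
                return fromStore;
        }

        // 2. File written by App Service Linux / Linux Container. The .p12 carries no password.
        string dir = Environment.GetEnvironmentVariable("APP_CERT_DIR") ?? "/var/ssl/private";
        string path = Path.Combine(dir, thumbprint + ".p12");
        if (!File.Exists(path))
            throw new FileNotFoundException(
                $"Certificate {thumbprint} is neither in the store nor at {path}. " +
                "Check WEBSITE_LOAD_CERTIFICATES, restart the site and allow ~15 minutes for the file to appear.",
                path);

        var cert = new X509Certificate2(File.ReadAllBytes(path));

        // Defence in depth: the file name is only a convention, so confirm the content matches the
        // request and actually carries a private key (a public-only .cer upload would not).
        if (!string.Equals(cert.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException($"{path} holds {cert.Thumbprint}, expected {thumbprint}");
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException($"{path} has no private key; upload a .pfx, not a .cer");
        return cert;
    }

    // Typical use of the loaded certificate: present it as a TLS client certificate.
    public static HttpClient ClientWithCertificate(string thumbprint)
    {
        var handler = new HttpClientHandler();
        handler.ClientCertificates.Add(Load(thumbprint));
        return new HttpClient(handler);
    }

    static void Main(string[] args)
    {
        // Usage: dotnet run -- <40-hex-thumbprint>
        var cert = Load(args[0]);
        Console.WriteLine($"{cert.Subject} valid until {cert.NotAfter:u}, private key: {cert.HasPrivateKey}");
    }
}
```

Because the store lookup is attempted first and the file path second, the same binary runs unchanged on App Service Windows, App Service Linux and a Linux Container; the thumbprint check and the post-load comparison are the two additions a practitioner would want before exposing the lookup on an HTTP route.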

 

Appendix: sample code (.NET 8.0 top-level statements, program.cs)

```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.FileProviders;
using System.Security.Cryptography.X509Certificates;

var builder = WebApplication.CreateBuilder(args);
// Add services to the container.

var app = builder.Build();
// Configure the HTTP request pipeline.
app.UseHttpsRedirection();
app.UseStaticFiles(new StaticFileOptions()
{
    FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), "Images")),
    RequestPath = new PathString("/Images")
});

// Test endpoints only: they take a file name and a password straight from the URL, which is
// fine for this experiment but must not be exposed by a real service (the password ends up in
// access logs and the file name is used as a path).
app.MapGet("/loadpfxbyname", ([FromQuery(Name = "name")] string filename, [FromQuery(Name = "pwd")] string pwd) =>
{
    var content = pfxTesting.LoadPfx(filename, pwd);
    return content;
});
app.MapGet("/loadpfx/{pwd}", (string pwd) =>
{
    var content = pfxTesting.LoadPfx(null, pwd);
    return content;
});
app.MapGet("/findpfx/{certThumbprint}", (string certThumbprint) =>
{
    var content = pfxTesting.FindPfx(certThumbprint);
    return content;
});
app.Run();

class pfxTesting
{
    // Approach 1: read a .pfx shipped with the application, by relative path.
    public static string LoadPfx(string? filename, string password = "")
    {
        try
        {
            if (filename == null) filename = "contoso.com.pfx";
            var bytes = File.ReadAllBytes(filename);
            var cert = new X509Certificate2(bytes, password);
            return cert.ToString();
        }
        catch (Exception ex)
        {
            return ex.Message;
        }
    }

    // Approach 2: look the certificate up by thumbprint. The store lookup works on App Service
    // Windows; on Linux it finds nothing, so fall through to the file under /var/ssl/private.
    public static string FindPfx(string certThumbprint = "")
    {
        try
        {
            bool validOnly = false;
            using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
            {
                certStore.Open(OpenFlags.ReadOnly);
                X509Certificate2Collection certCollection = certStore.Certificates.Find(
                    X509FindType.FindByThumbprint,
                    certThumbprint,
                    validOnly);
                // Get the first cert with the thumbprint
                X509Certificate2? cert = certCollection.OfType<X509Certificate2>().FirstOrDefault();
                if (cert is null)
                    return FindPfxByThumbprintInLinux(certThumbprint);

                return cert.ToString();
            }
        }
        catch (Exception ex) { return ex.Message; }
    }

    public static string FindPfxByThumbprintInLinux(string thumbprint)
    {
        // App Service Linux stores each uploaded private certificate as /var/ssl/private/<THUMBPRINT>.p12
        // with no password. The thumbprint is checked to be hex before it is used in the path, so a
        // value taken from the route cannot turn it into something like /var/ssl/private/../../etc/passwd.
        if (string.IsNullOrEmpty(thumbprint) || !thumbprint.All(Uri.IsHexDigit))
            return $"Certificate with thumbprint '{thumbprint}' was not found";
        string finalPath = $"/var/ssl/private/{thumbprint}.p12";
        if (!File.Exists(finalPath))
            return $"Certificate with thumbprint {thumbprint} was not found at {finalPath}";
        var bytes2 = File.ReadAllBytes(finalPath);
        var cert = new X509Certificate2(bytes2);
        return cert.ToString();
    }
}
```

 

 

References

Load certificate in Linux/Windows containers: https://docs.azure.cn/zh-cn/app-service/configure-ssl-certificate-in-code#load-certificate-in-linuxwindows-containers

GetX509CertificateLinux(string thumbprint): https://learn.microsoft.com/en-us/answers/questions/1055731/application-error-on-linux-running-net-core

Load Certificate on Linux Web App #19305: https://github.com/MicrosoftDocs/azure-docs/issues/19305

 

【END】

 

Original article: https://www.cnblogs.com/lulight/p/18225557
