IdentityServer3: pass Request.ClientCertificate from the client request context

Keywords: Request context client ClientCertificate pass IdentityServer3 | Updated: 2023-09-27 18:12:40

I have the following setup: several web applications hosted in IIS with the "Require SSL" setting enabled. I also have an authentication service based on IdentityServer3.

I need to pass Request.ClientCertificate.SerialNumber from my web application to IdentityServer as part of the authentication flow.

This is part of my client configuration:

Notifications = new OpenIdConnectAuthenticationNotifications
{
    RedirectToIdentityProvider = n =>
    {
        // if signing in, send certificate parameters
        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
        {
            // here I would like to get the client certificate
            var req = n.OwinContext.Request;
            // and pass its serial number to IdentityServer somehow
            n.ProtocolMessage.AcrValues = req.ClientCertificate.SerialNumber;
        }
        return Task.FromResult(0);
    },
}

Is this possible? How can I get the ClientCertificate of the current request?


In the end, I got this working:

Notifications = new OpenIdConnectAuthenticationNotifications
{
    RedirectToIdentityProvider = n =>
    {
        // if signing in, send certificate parameters
        if(n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
        {
            var RequestContext = n.OwinContext.Environment["System.Web.Routing.RequestContext"] as System.Web.Routing.RequestContext;
            if (RequestContext != null)
            {
                var clientCert = RequestContext.HttpContext.Request.ClientCertificate;
                // if the client authenticated with a certificate, extract the certificate info and pass it to IdentityServer
                if (!string.IsNullOrEmpty(clientCert.SerialNumber))
                {
                    var sn = clientCert.SerialNumber.Replace("-", "");
                    // IdentityServer splits acr_values on spaces, so spaces inside the subject are escaped
                    // and each comma-separated RDN is turned into its own space-separated acr value
                    n.ProtocolMessage.AcrValues = "cert:" + sn + " " + clientCert.Subject.Replace(" ","_*_").Replace(",_*_"," ");
                }
            }
        }
        return Task.FromResult(0);
    },
}
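The answer encodes the serial number and subject into acr_values by hand because IdentityServer3 splits acr_values on spaces. The following is an added example, not code from the original post or from IdentityServer, that isolates that encoding into a small helper and shows the matching decode step a receiving side would run after the space split. The class name, method names and the sample serial/subject values are constructed for illustration; the "cert:" prefix and the "_*_" escape sequence are the ones used in the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example (not from the original post): round-trips the "cert:<serial> <subject RDNs>"
// acr_values encoding used in the answer. Names here are hypothetical.
public static class CertAcrValues
{
    // Escape sequence the answer substitutes for spaces inside the certificate subject.
    private const string SpaceEscape = "_*_";

    // Builds the acr_values string exactly as the answer does: strip dashes from the serial,
    // escape spaces inside the subject, then turn ",_*_" (the RDN separator) into a real space
    // so each RDN becomes its own acr_values token.
    public static string Encode(string serialNumber, string subject)
    {
        var sn = serialNumber.Replace("-", "");
        var escapedSubject = subject.Replace(" ", SpaceEscape).Replace("," + SpaceEscape, " ");
        return "cert:" + sn + " " + escapedSubject;
    }

    // Splits on spaces the way IdentityServer3 splits acr_values, then restores the escaped spaces.
    public static IList<string> Decode(string acrValues)
    {
        return acrValues
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(token => token.Replace(SpaceEscape, " "))
            .ToList();
    }

    // Returns the serial carried in a "cert:<serial>" token, or null when no such token is present.
    public static string TryGetSerial(IEnumerable<string> tokens)
    {
        var certToken = tokens.FirstOrDefault(t => t.StartsWith("cert:", StringComparison.Ordinal));
        return certToken == null ? null : certToken.Substring("cert:".Length);
    }

    public static void Main()
    {
        // Constructed sample values; not taken from any real certificate.
        var acr = Encode("1A-2B-3C", "CN=John Doe, O=Acme Corp");
        Console.WriteLine(acr); // cert:1A2B3C CN=John_*_Doe O=Acme_*_Corp

        var tokens = Decode(acr);
        Console.WriteLine(string.Join(" | ", tokens)); // cert:1A2B3C | CN=John Doe | O=Acme Corp
        Console.WriteLine(TryGetSerial(tokens));       // 1A2B3C
    }
}
```

One point worth keeping in mind when consuming these values: acr_values is a parameter of the authorization request, which travels through the user's browser in the redirect to IdentityServer. The receiving side should therefore treat the serial as a hint supplied by the client application, and only rely on it after checking it against state it controls itself (for example its own TLS client certificate or a registered client record) rather than as proof that the certificate was presented.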