在 MVC 应用程序中,我需要验证客户端证书是否由特定 CA 签名/颁发。
我知道如何获取Request.ClientCertificate和X509Certificate2从中获取,但我不知道如何检查发行人。
Request.ClientCertificate.Issuer给出了 Issuer 的主题,但我认为这还不够安全。
我希望能够检查颁发者指纹,那么如何从客户端证书中检索它?
问问题
1820 次
1 回答
3
// get the X509 from HTTP client certificate
var x509 = new X509Certificate2(this.Request.ClientCertificate.Certificate);
// create the certificate chain by using the machine store
var chain = new X509Chain(true);
chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;
chain.Build(x509);
// at this point chain.ChainElements[0] will contain the original
// certificate, the higher indexes are the issuers.
// note that if the certificate is self-signed, there will be just one entry.
var issuer = chain.ChainElements[1].Certificate.Thumbprint;
于 2013-02-17T15:48:08.517 回答