我正在使用 ASP.NET Core 5.0 并希望ActionFilterAttribute在控制器中使用来检查证书指纹。
在Startup.cs我定义了一个“自定义”ClientCertificate-Forwarder 中,ClientCertificates 在标题中定义为X-ARR-ClientCert:
services.AddCertificateForwarding(options =>
{
options.CertificateHeader = "X-ARR-ClientCert";
options.HeaderConverter = (headerValue) =>
{
X509Certificate2 clientCertificate = null;
if (!string.IsNullOrWhiteSpace(headerValue))
{
byte[] bytes = StringToByteArray(headerValue);
clientCertificate = new X509Certificate2(bytes);
}
return clientCertificate;
};
});
我的ActionFilterAttribute:
public class IpCheckActionFilter : ActionFilterAttribute
{
private readonly string _certificateThumbprint;
private readonly string _safelist;
public IpCheckActionFilter(string safelist, string certificateThumbprint)
{
_safelist = safelist;
_certificateThumbprint = certificateThumbprint;
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var remoteIp = context.HttpContext.Connection.RemoteIpAddress;
CheckIP(remoteIp);
var certificate = context.HttpContext.Connection.ClientCertificate; // certificate is not passed
if (certificate == null || certificate.Thumbprint.ToUpper() != _certificateThumbprint.ToUpper())
{
Log.Warn("Certificate Thumbprint not correct");
context.Result = new StatusCodeResult(StatusCodes.Status404NotFound);
return;
}
base.OnActionExecuting(context);
}
}
现在certificatefromcontext.HttpContext.Connection.ClientCertificate为空。
我该怎么做才能将我的客户证书传递给ActionFilterAttribute?