如何在 .Net Core 3.1 中禁用 OpenId 连接时的 ssl 证书验证?
How to disable ssl certificate validation upon OpenId connect in .Net Core 3.1?
我正在尝试在开发环境中使用其 IP 地址连接到开放 ID 机构。显然,在这种情况下,ssl 验证将失败。我想绕过它,到目前为止没有任何运气。我找到了有关此主题的以下答案:
- 在 OpenIdConnectOptions 中将 RequireHttpsMetadata 设置为 false class。
- 使用下面的代码:
ServicePointManager.ServerCertificateValidationCallback +=
(sender, cert, chain, sslPolicyErrors) => true;
当我的应用程序尝试访问 oidc 权限时,我收到了同样的错误:
An unhandled exception occurred while processing the request.
AuthenticationException: The remote certificate is invalid according
to the validation procedure.
System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken
message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo
exception)
HttpRequestException: The SSL connection could not be established, see
inner exception.
System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream
stream, SslClientAuthenticationOptions sslOptions, CancellationToken
cancellationToken)
IOException: IDX20804: Unable to retrieve document from:
'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string
address, CancellationToken cancel)
InvalidOperationException: IDX20803: Unable to obtain configuration
from:
'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken
cancel)
警告:仅在开发期间使用它。如果合适,您需要为您的生产平台定制证书验证例程。
您可能覆盖了错误的 HttpClientHandler。可以在此处覆盖 OpenId Connect 的反向通道 HttpClient:
services
.AddAuthentication(options =>
{
...
})
.AddCookie()
.AddOpenIdConnect(options =>
{
...
HttpClientHandler handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
options.BackchannelHttpHandler = handler;
});
我正在尝试在开发环境中使用其 IP 地址连接到开放 ID 机构。显然,在这种情况下,ssl 验证将失败。我想绕过它,到目前为止没有任何运气。我找到了有关此主题的以下答案:
- 在 OpenIdConnectOptions 中将 RequireHttpsMetadata 设置为 false class。
- 使用下面的代码:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
当我的应用程序尝试访问 oidc 权限时,我收到了同样的错误:
An unhandled exception occurred while processing the request. AuthenticationException: The remote certificate is invalid according to the validation procedure. System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
HttpRequestException: The SSL connection could not be established, see inner exception. System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
IOException: IDX20804: Unable to retrieve document from: 'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)
InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken cancel)
警告:仅在开发期间使用它。如果合适,您需要为您的生产平台定制证书验证例程。
您可能覆盖了错误的 HttpClientHandler。可以在此处覆盖 OpenId Connect 的反向通道 HttpClient:
services
.AddAuthentication(options =>
{
...
})
.AddCookie()
.AddOpenIdConnect(options =>
{
...
HttpClientHandler handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
options.BackchannelHttpHandler = handler;
});