在.Net Core中使用HttpClient添加证书

最近公司要对接电信物联网北向API接口,当调用Auth授权接口时,需要用到证书,此篇文章记录下遇到的坑~

有两种调用接口的方式,下面是两种方式的简单示例

1、使用HttpClient

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
 public static void Post(string appId, string secret)
{
var handler = new HttpClientHandler
{
ClientCertificateOptions = ClientCertificateOption.Manual,
SslProtocols = SslProtocols.Tls12,
ServerCertificateCustomValidationCallback = (x, y, z, m) => true,
};

var path = Path.Combine(AppContext.BaseDirectory, "cert\\iot3rd.p12");
handler.ClientCertificates.Add(new X509Certificate2(path, "IoM@1234"));

var client = new HttpClient(handler);

var content = new StringContent($"appId={appId}&secret={secret}");
content.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");

var httpResponseMessage = client.PostAsync("https://180.101.147.89:8743/iocm/app/sec/v1.1.0/login", content).GetAwaiter().GetResult();
var result = httpResponseMessage.Content.ReadAsStringAsync().GetAwaiter().GetResult();

Console.WriteLine(result);
}

2、使用HttpWebRequest

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
public static string Post(string appId, string secret)
{
ServicePointManager.ServerCertificateValidationCallback = (x, y, z, m) => true;
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

HttpWebRequest httpRequest = (HttpWebRequest)HttpWebRequest.Create("https://180.101.147.89:8743/iocm/app/sec/v1.1.0/login");
var p12certfile = Path.Combine(AppContext.BaseDirectory, "cert\\iot3rd.p12");
X509Certificate2 cerCaiShang = new X509Certificate2(p12certfile, "IoM@1234");
httpRequest.ClientCertificates.Add(cerCaiShang);
httpRequest.Method = "POST";
httpRequest.ContentType = "application/x-www-form-urlencoded";

Stream requestStem = httpRequest.GetRequestStream();
StreamWriter sw = new StreamWriter(requestStem);
sw.Write($"appId={appId}&secret={secret}");
sw.Close();

HttpWebResponse httpResponse = (HttpWebResponse)httpRequest.GetResponse();

Stream receiveStream = httpResponse.GetResponseStream();

string result = string.Empty;
using (StreamReader sr = new StreamReader(receiveStream))
{
return sr.ReadToEnd();
}
}

需要注意一点,上面两种方式都需要设置服务器证书验证回调方法,否则回报下面的异常

1
The remote certificate is invalid according to the validation procedure.

而且两种方式的设置方式不一样,HttpClient是通过HttpClientHandler对象的ServerCertificateCustomValidationCallback属性设置的,而HttpWebRequest方式是通过ServicePointManager.ServerCertificateValidationCallback来设置的