I wrote the C# code below to call an API in Azure APIM:
public async Task ValidateApimAsync()
{
    X509Certificate2 certificate = getX509Certificate2();
    try
    {
        string baseAddress = // My base URL
        var requestHandler = new HttpClientHandler();
        //attaching my client certificate, which is NOT NULL,
        //retrieved from the windows cert store
        requestHandler.ClientCertificates.Add(certificate);
        requestHandler.SslProtocols = System.Security.Authentication.SslProtocols.None;
        using (var client = new HttpClient(requestHandler))
        {
            client.BaseAddress = new Uri(baseAddress);
            client.DefaultRequestHeaders.Accept.Clear();
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls13;
            var responseTask = client.GetAsync(string.Format("/echo/customerMessageIds"));
            responseTask.Wait();
            var result = responseTask.Result;
            if (result.IsSuccessStatusCode)
            {
            }
        }
    }
    catch (Exception ex)
    {
        _log.LogError(ex.Message);
    }
}
I have the following policy in APIM:
<when condition="@(context.Request.Certificate == null)">
    <return-response>
        <set-status code="403" reason="Certificate is null" />
        <set-body template="none">Certificate is null</set-body>
    </return-response>
</when>
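I have a valid certificate, but APIM still returns the response "Certificate is null".
I have a Windows 10 machine.
I even tried adding the registry value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Value name: SendTrustedIssuerList, Value type: REG_DWORD, Value data: 0 (False)
but no luck.
I can't reproduce it. How do you obtain the certificate?
I had to make some modifications: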
_log
public static async Task ValidateApimAsync()
{
    //X509Certificate2 certificate = getX509Certificate2();
    X509Certificate2 certificate = new X509Certificate2("certificate.pfx", "secret");
    try
    {
        string baseAddress = "https://rfqapiservicey27itmeb4cf7q.azure-api.net";// My base URL
        var requestHandler = new HttpClientHandler();
        //attaching my client certificate, which is NOT NULL,
        //retrieved from the windows cert store
        requestHandler.ClientCertificates.Add(certificate);
        requestHandler.SslProtocols = System.Security.Authentication.SslProtocols.None;
        using (var client = new HttpClient(requestHandler))
        {
            client.BaseAddress = new Uri(baseAddress);
            client.DefaultRequestHeaders.Accept.Clear();
            client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", "secret");
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls13;
            var responseTask = client.GetAsync(string.Format("/sample/certificate"));
            responseTask.Wait();
            var result = responseTask.Result;
            await Console.Out.WriteLineAsync(result.ReasonPhrase);
            await Console.Out.WriteLineAsync(await result.Content.ReadAsStringAsync());
            if (result.IsSuccessStatusCode)
            {
            }
        }
    }
    catch (Exception ex)
    {
        await Console.Out.WriteLineAsync(ex.Message);
        //_log.LogError(ex.Message);
    }
}
The complete policy:
<policies>
    <inbound>
        <base />
        <choose>
            <when condition="@(context.Request.Certificate == null)">
                <return-response>
                    <set-status code="403" reason="Certificate is null" />
                    <set-body template="none">Certificate is null</set-body>
                </return-response>
            </when>
            <otherwise>
                <return-response>
                    <set-status code="200" reason="OK" />
                    <set-body template="none">Certificate was found</set-body>
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
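
One difference visible between the two posts is where the certificate comes from: the Windows certificate store in the question, a password-protected PFX in the answer. The following is an added example, not code from either post: a local pre-flight check to run on the `X509Certificate2` before adding it to `ClientCertificates`. The class and method names are hypothetical, and the sample certificates are constructed in `Main`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertPreflight // hypothetical helper, not from the page
{
    private const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Returns why a certificate cannot serve for TLS client authentication.
    // An empty list means these local checks passed, not that the gateway accepts it.
    public static List<string> Check(X509Certificate2 cert, DateTime localNow)
    {
        var problems = new List<string>();
        if (cert == null) { problems.Add("certificate is null"); return problems; }

        // The client has to sign part of the handshake, which needs the private key.
        if (!cert.HasPrivateKey) problems.Add("no private key available");

        // NotBefore and NotAfter are expressed in local time.
        if (localNow < cert.NotBefore || localNow > cert.NotAfter)
            problems.Add("outside validity period");

        // When an EKU extension is present it must allow client authentication.
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("EKU does not include Client Authentication");

        return problems;
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate.
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=constructed-sample", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (var withKey = request.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
            using (var publicOnly = new X509Certificate2(withKey.Export(X509ContentType.Cert)))
            {
                // The second certificate is the same one re-imported without its key.
                foreach (var cert in new[] { withKey, publicOnly })
                    Console.WriteLine("HasPrivateKey={0}: [{1}]", cert.HasPrivateKey,
                        string.Join("; ", Check(cert, DateTime.Now)));
            }
        }
    }
}
```

In the question's code, the equivalent call would be `ClientCertPreflight.Check(certificate, DateTime.Now)` on the value returned by `getX509Certificate2()`, with the result logged before the request is sent.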