在.Net Core中使用HttpClient添加证书

Posted 2022-04-28 oldli

最近公司要对接电信物联网北向API接口，当调用Auth授权接口时，需要用到证书，此篇文章记录下遇到的坑~

有两种调用接口的方式，下面是两种方式的简单示例

1、使用HttpClient

 public static void Post(string appId, string secret)

    var handler = new HttpClientHandler
    
        ClientCertificateOptions = ClientCertificateOption.Manual,
        SslProtocols = SslProtocols.Tls12,
        ServerCertificateCustomValidationCallback = (x, y, z, m) => true,
    ;

    var path = Path.Combine(AppContext.BaseDirectory, "cert\\iot3rd.p12");
    handler.ClientCertificates.Add(new X509Certificate2(path, "IoM@1234"));

    var client = new HttpClient(handler);

    var content = new StringContent($"appId=appId&secret=secret");
    content.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");

    var httpResponseMessage = client.PostAsync("https://180.101.147.89:8743/iocm/app/sec/v1.1.0/login", content).GetAwaiter().GetResult();
    var result = httpResponseMessage.Content.ReadAsStringAsync().GetAwaiter().GetResult();

    Console.WriteLine(result);

2、使用HttpWebRequest

public static string Post(string appId, string secret)

    ServicePointManager.ServerCertificateValidationCallback = (x, y, z, m) => true;
    ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

    HttpWebRequest httpRequest = (HttpWebRequest)HttpWebRequest.Create("https://180.101.147.89:8743/iocm/app/sec/v1.1.0/login");
    var p12certfile = Path.Combine(AppContext.BaseDirectory, "cert\\iot3rd.p12");
    X509Certificate2 cerCaiShang = new X509Certificate2(p12certfile, "IoM@1234");
    httpRequest.ClientCertificates.Add(cerCaiShang);
    httpRequest.Method = "POST";
    httpRequest.ContentType = "application/x-www-form-urlencoded";

    Stream requestStem = httpRequest.GetRequestStream();
    StreamWriter sw = new StreamWriter(requestStem);
    sw.Write($"appId=appId&secret=secret");
    sw.Close();

    HttpWebResponse httpResponse = (HttpWebResponse)httpRequest.GetResponse();

    Stream receiveStream = httpResponse.GetResponseStream();

    string result = string.Empty;
    using (StreamReader sr = new StreamReader(receiveStream))
    
        return sr.ReadToEnd();
    

需要注意一点，上面两种方式都需要设置服务器证书验证回调方法，否则回报下面的异常

The remote certificate is invalid according to the validation procedure.

而且两种方式的设置方式不一样，HttpClient是通过HttpClientHandler对象的ServerCertificateCustomValidationCallback属性设置的，而HttpWebRequest方式是通过ServicePointManager.ServerCertificateValidationCallback来设置的