为ASP.NetCore程序启用SSL

上善若水

由于ASP.NetCore默认服务器Kestrel不像iis Express那样会自动生成本地证书,所以就需要手动构建pfx证书.

生成pfx证书

开发环境证书就用iis默认的本地证书即可,Cortana搜索:IIS,出现以下结果点击

进入管理器:点击服务器证书选项

选中以下本地默认证书后右键导出,指定路径和密码点击确认.

修改Program中BuildWebHost以增加SSL支持

第一种方案:

1. using System;
2. using System.Collections.Generic;
3. using System.IO;
4. using System.Linq;
5. using System.Threading.Tasks;
6. using Microsoft.AspNetCore;
7. using Microsoft.AspNetCore.Hosting;
8. using Microsoft.Extensions.Configuration;
9. using Microsoft.Extensions.Logging;
10. using System.Net;
12. namespace ASP.Net_Core_API
13. {
14. public class Program
15. {
16. public static void Main(string[] args)
17. {
18. BuildWebHost(args).Run();
19. }
21. public static IWebHost BuildWebHost(string[] args) =>
22. WebHost.CreateDefaultBuilder(args)
23. .UseStartup<Startup>()
24. .UseKestrel(options =>//设置Kestrel服务器
25. {
26. options.Listen(IPAddress.Loopback, 5001, listenOptions =>
27. {　　　　　　　　　　　<br style="margin:0px; padding:0px" />　　　　　　　　　　　　//填入之前iis中生成的pfx文件路径和指定的密码　　　　　　　　　　　　<br style="margin:0px; padding:0px" />　　　　　　　　　　　　listenOptions.UseHttps("D:\\DotNetCore\\ASP.Net Core API\\wwwroot\\dontCore.pfx", "111111"); <br style="margin:0px; padding:0px" />　　　　　　　 }); <br style="margin:0px; padding:0px" />　　　　　　　　})<br style="margin:0px; padding:0px" />　　　　　　　.Build();<br style="margin:0px; padding:0px" />　　　　}<br style="margin:0px; padding:0px" />　}

复制代码

此种方案无需更改其他代码即可生效,点击运行

可看到已监听指定的端口5001,浏览器输入https://127.0.0.1:5001/api/values,可看到已启用ssl

第二种方案:同时支持http和https请求(基于appsettings.json配置)

由于上一种方案只支持https请求,但实际生产也需要http请求

实现核心代码:

Program:

1. using System;
2. using System.Collections.Generic;
3. using System.IO;
4. using System.Linq;
5. using System.Threading.Tasks;
6. using Microsoft.AspNetCore;
7. using Microsoft.AspNetCore.Hosting;
8. using Microsoft.Extensions.Configuration;
9. using Microsoft.Extensions.Logging;
10. using System.Net;
12. namespace ASP.Net_Core_API
13. {
14. public class Program
15. {
16. public static void Main(string[] args)
17. {
18. BuildWebHost(args).Run();
19. }
21. public static IWebHost BuildWebHost(string[] args) =>
22. WebHost.CreateDefaultBuilder(args)
23. .UseStartup<Startup>()
24. .UseKestrel(SetHost)//启用Kestrel
25. .Build();
27. /// <summary>
28. /// 配置Kestrel
29. /// </summary>
30. /// <param name="options"></param>
31. private static void SetHost(Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerOptions options)
32. {
33. var configuration = (IConfiguration)options.ApplicationServices.GetService(typeof(IConfiguration));
34. var host = configuration.GetSection("RafHost").Get<Host>();//依据Host类反序列化appsettings.json中指定节点
35. foreach (var endpointKvp in host.Endpoints)
36. {
37. var endpointName = endpointKvp.Key;
38. var endpoint = endpointKvp.Value;//获取appsettings.json的相关配置信息
39. if (!endpoint.IsEnabled)
40. {
41. continue;
42. }
44. var address = IPAddress.Parse(endpoint.Address);
45. options.Listen(address, endpoint.Port, opt =>
46. {
47. if (endpoint.Certificate != null)//证书不为空使用UserHttps
48. {
49. switch (endpoint.Certificate.Source)
50. {
51. case "File":
52. opt.UseHttps(endpoint.Certificate.Path, endpoint.Certificate.Password);
53. break;
54. default:
55. throw new NotImplementedException($"文件 {endpoint.Certificate.Source}还没有实现");
56. }
58. //opt.UseConnectionLogging();
59. }
60. });
62. options.UseSystemd();
63. }
64. }
65. }
67. /// <summary>
68. /// 待反序列化节点
69. /// </summary>
70. public class Host
71. {
72. /// <summary>
73. /// appsettings.json字典
74. /// </summary>
75. public Dictionary<string, Endpoint> Endpoints { get; set; }
76. }
78. /// <summary>
79. /// 终结点
80. /// </summary>
81. public class Endpoint
82. {
83. /// <summary>
84. /// 是否启用
85. /// </summary>
86. public bool IsEnabled { get; set; }
88. /// <summary>
89. /// ip地址
90. /// </summary>
91. public string Address { get; set; }
93. /// <summary>
94. /// 端口号
95. /// </summary>
96. public int Port { get; set; }
98. /// <summary>
99. /// 证书
100. /// </summary>
101. public Certificate Certificate { get; set; }
102. }
104. /// <summary>
105. /// 证书类
106. /// </summary>
107. public class Certificate
108. {
109. /// <summary>
110. /// 源
111. /// </summary>
112. public string Source { get; set; }
114. /// <summary>
115. /// 证书路径()
116. /// </summary>
117. public string Path { get; set; }
119. /// <summary>
120. /// 证书密钥
121. /// </summary>
122. public string Password { get; set; }
123. }
124. }

复制代码

appsettings.json

1. {
2. "ConnectionStrings": {
3. "MySqlConnection": "Server=localhost;database=NetCore_WebAPI-Mysql;uid=root;pwd=111111;"
4. },
5. "Logging": {
6. "IncludeScopes": false,
7. "Debug": {
8. "LogLevel": {
9. "Default": "Warning"
10. }
11. },
12. "Console": {
13. "LogLevel": {
14. "Default": "Warning"
15. }
16. }
17. },<br style="margin:0px; padding:0px" />　　//以下为Kestrel配置信息,同时支持https和HTTP
18. "RafHost": {
19. "Endpoints": {
20. "Http": {
21. "IsEnabled": true,
22. "Address": "127.0.0.1",
23. "Port": "5000"
24. },
25. "Https": {
26. "IsEnabled": true,
27. "Address": "127.0.0.1",
28. "Port": "5443",
29. "Certificate": {
30. "Source": "File",
31. "Path": "D:\\DotNetCore\\ASP.Net Core API\\wwwroot\\dontCore.pfx",
32. "Password": "111111"
33. }
34. }
35. }
36. }
37. }

复制代码

点击运行会发现控制台出现监听两个端口的提示,一个支持https一个支持http

 

浏览器输入http://127.0.0.1:5000/api/values 

http请求运行正常

再输入https://127.0.0.1:5443/api/values

 

https运行正常

来源：https://blog.csdn.net/qq3401247010/article/details/78111488
免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！