紧接着上一篇搭建连接MySql的三层架构的ASP.NetCore2.0的WebApi的案例,这篇来实现为ASP.NetCore启用SSL支持
由于ASP.NetCore默认服务器Kestrel不像iis Express那样会自动生成本地证书,所以就需要手动构建pfx证书.
生成pfx证书
开发环境证书就用iis默认的本地证书即可,Cortana搜索:IIS,出现以下结果点击
进入管理器:点击服务器证书选项
选中以下本地默认证书后右键导出,指定路径和密码点击确认.
修改Program中BuildWebHost以增加SSL支持
第一种方案:
using System;using System.Collections.Generic;using System.IO;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore;using Microsoft.AspNetCore.Hosting;using Microsoft.Extensions.Configuration;using Microsoft.Extensions.Logging;using System.Net;namespace ASP.Net_Core_API{ ???public class Program ???{ ???????public static void Main(string[] args) ???????{ ???????????BuildWebHost(args).Run(); ???????} ???????public static IWebHost BuildWebHost(string[] args) => ???????????WebHost.CreateDefaultBuilder(args) ???????????.UseStartup<Startup>() ???????????.UseKestrel(options =>//设置Kestrel服务器 ???????????{ ???????????????options.Listen(IPAddress.Loopback, 5001, listenOptions => ???????????????{
//填入之前iis中生成的pfx文件路径和指定的密码
listenOptions.UseHttps("D:\\DotNetCore\\ASP.Net Core API\\wwwroot\\dontCore.pfx", "111111"); ??
????}); ??????????
})
.Build();
}
}此种方案无需更改其他代码即可生效,点击运行
可看到已监听指定的端口5001,浏览器输入https://127.0.0.1:5001/api/values,可看到已启用ssl
第二种方案:同时支持http和https请求(基于appsettings.json配置)
由于上一种方案只支持https请求,但实际生产也需要http请求
实现核心代码:
Program:
using System;using System.Collections.Generic;using System.IO;using System.Linq;using System.Threading.Tasks;using Microsoft.AspNetCore;using Microsoft.AspNetCore.Hosting;using Microsoft.Extensions.Configuration;using Microsoft.Extensions.Logging;using System.Net;namespace ASP.Net_Core_API{ ???public class Program ???{ ???????public static void Main(string[] args) ???????{ ???????????BuildWebHost(args).Run(); ???????} ???????public static IWebHost BuildWebHost(string[] args) => ???????????WebHost.CreateDefaultBuilder(args) ???????????.UseStartup<Startup>() ???????????.UseKestrel(SetHost)//启用Kestrel ???????????.Build(); ???????/// <summary> ???????/// 配置Kestrel ???????/// </summary> ???????/// <param name="options"></param> ???????private static void SetHost(Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerOptions options) ???????{ ???????????var configuration = (IConfiguration)options.ApplicationServices.GetService(typeof(IConfiguration)); ???????????var host = configuration.GetSection("RafHost").Get<Host>();//依据Host类反序列化appsettings.json中指定节点 ???????????foreach (var endpointKvp in host.Endpoints) ???????????{ ???????????????var endpointName = endpointKvp.Key; ???????????????var endpoint = endpointKvp.Value;//获取appsettings.json的相关配置信息 ???????????????if (!endpoint.IsEnabled) ???????????????{ ???????????????????continue; ???????????????} ???????????????var address = IPAddress.Parse(endpoint.Address); ???????????????options.Listen(address, endpoint.Port, opt => ???????????????{ ???????????????????if (endpoint.Certificate != null)//证书不为空使用UserHttps ???????????????????{ ???????????????????????switch (endpoint.Certificate.Source) ???????????????????????{ ???????????????????????????case "File": ???????????????????????????????opt.UseHttps(endpoint.Certificate.Path, endpoint.Certificate.Password); ???????????????????????????????break; ???????????????????????????default: ???????????????????????????????throw new NotImplementedException($"文件 {endpoint.Certificate.Source}还没有实现"); ???????????????????????} ???????????????????????//opt.UseConnectionLogging(); ???????????????????} ???????????????}); ???????????????options.UseSystemd(); ???????????} ???????} ???} ???/// <summary> ???/// 待反序列化节点 ???/// </summary> ???public class Host ???{ ???????/// <summary> ???????/// appsettings.json字典 ???????/// </summary> ???????public Dictionary<string, Endpoint> Endpoints { get; set; } ???} ???/// <summary> ???/// 终结点 ???/// </summary> ???public class Endpoint ???{ ???????/// <summary> ???????/// 是否启用 ???????/// </summary> ???????public bool IsEnabled { get; set; } ???????/// <summary> ???????/// ip地址 ???????/// </summary> ???????public string Address { get; set; } ???????/// <summary> ???????/// 端口号 ???????/// </summary> ???????public int Port { get; set; } ???????/// <summary> ???????/// 证书 ???????/// </summary> ???????public Certificate Certificate { get; set; } ???} ???/// <summary> ???/// 证书类 ???/// </summary> ???public class Certificate ???{ ???????/// <summary> ???????/// 源 ???????/// </summary> ???????public string Source { get; set; } ???????/// <summary> ???????/// 证书路径() ???????/// </summary> ???????public string Path { get; set; } ???????/// <summary> ???????/// 证书密钥 ???????/// </summary> ???????public string Password { get; set; } ???}}appsettings.json
{ ???"ConnectionStrings": { ???????"MySqlConnection": "Server=localhost;database=NetCore_WebAPI-Mysql;uid=root;pwd=111111;" ???}, ???"Logging": { ???????"IncludeScopes": false, ???????"Debug": { ???????????"LogLevel": { ???????????????"Default": "Warning" ???????????} ???????}, ???????"Console": { ???????????"LogLevel": { ???????????????"Default": "Warning" ???????????} ???????} ???},
//以下为Kestrel配置信息,同时支持https和HTTP ???"RafHost": { ???????"Endpoints": { ???????????"Http": { ???????????????"IsEnabled": true, ???????????????"Address": "127.0.0.1", ???????????????"Port": "5000" ???????????}, ???????????"Https": { ???????????????"IsEnabled": true, ???????????????"Address": "127.0.0.1", ???????????????"Port": "5443", ???????????????"Certificate": { ???????????????????"Source": "File", ???????????????????"Path": "D:\\DotNetCore\\ASP.Net Core API\\wwwroot\\dontCore.pfx", ???????????????????"Password": "111111" ???????????????} ???????????} ???????} ???}}点击运行会发现控制台出现监听两个端口的提示,一个支持https一个支持http
浏览器输入http://127.0.0.1:5000/api/values
http请求运行正常
再输入https://127.0.0.1:5443/api/values
https运行正常
为ASP.NetCore程序启用SSL
原文地址:http://www.cnblogs.com/xiaoliangge/p/7600467.html