iis 如何从服务器端验证Unity游戏客户端的真实性?

9rnv2umw  于 2023-10-19  发布在  其他
关注(0)|答案(1)|浏览(130)

我有一个ASP.Net Core服务器,同时启用了http和https。它运行于IIS 10,ASP.NET CORE ~6.0。
我遵循了以下文档:[https://docs.microsoft.com/en-us/aspnet/core/security/authentication/certauth](Microsoft的ASP.NET身份验证服务)
在此基础上,我创建了一个类来处理传入客户端请求的身份验证

public class CertValidationService
{
    public bool ValidateCertificate(X509Certificate2 clientCertificate)
    {
        Log("\nInside validate"); //NOT triggered
        /*my custom verification logic*/
        return true;
    }

    public static void Handler(CertificateAuthenticationOptions options)
    {
        Log("\nCalled handler"); //NOT triggered
        options.AllowedCertificateTypes = CertificateTypes.All;
        options.Events = new CertificateAuthenticationEvents
        {
            OnAuthenticationFailed = OnFailed,
            OnCertificateValidated = OnSuccess,
            OnChallenge = OnChallenged
        };
    }

    private static Task OnChallenged(CertificateChallengeContext context){
        Log("\nInside challenge");
        return Task.CompletedTask; //triggered
    }
    private static Task OnFailed(CertificateAuthenticationFailedContext context){
        context.Fail("Failed!");
        return Task.CompletedTask; //NOT triggered
    }
    private static Task OnSuccess(CertificateValidatedContext context){
        Log("\nInside OnSuccess"); //NOT triggered
        var validationService = context.HttpContext.RequestServices.GetService<CertValidationService>();
        if (validationService != null && validationService.ValidateCertificate(context.ClientCertificate)){
            Log("\nValidated!");
            var claims = new List<Claim>{
                new Claim(ClaimTypes.NameIdentifier, context.ClientCertificate.SubjectName.Name),
                new Claim(ClaimTypes.Name, context.ClientCertificate.Subject, ClaimValueTypes.String, context.Options.ClaimsIssuer)
            };
            context.Principal = new ClaimsPrincipal(
                new ClaimsIdentity(
                    claims,
                    context.Scheme.Name //CertificateAuthenticationDefaults.AuthenticationScheme
                )
            );
            context.Success();
        } else {
            Log("\nBad Certificate");
            context.Fail("Bad Certificate");
        }
        return Task.CompletedTask;
    }
    public static void Log(string log) {
        string path = "logs.txt";
        try {
            File.AppendAllText(path, log);
        } catch (Exception ex) {
            Console.WriteLine(ex.Message);
        }
    }
}

我已经使用上面的类添加了证书验证,如下所示,虽然路由是为未经身份验证的端点触发的,但这里给出的“天气”路由不会触发ValidateCertificate方法以及成功和失败事件。要求服务器识别传入的请求是否来自伪造的apk。

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();

// ADDED VALIDATION
builder.Services.AddSingleton<CertValidationService>();
builder.Services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
    .AddCertificate(CertValidationService.Handler);
// ----------------

builder.Services.Configure<IISServerOptions>(options => { options.AllowSynchronousIO = true; });
var app = builder.Build();

app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();

app.Run();

我设置了一些需要授权的路由,如下所示:

// baseURL/myroute/weather
[ApiController]
[Route("myroute")]
public class WeatherForecastController : ControllerBase
{
    [HttpGet(Name = "weather")]
    [Authorize(AuthenticationSchemes = CertificateAuthenticationDefaults.AuthenticationScheme)]
    public string<WeatherForecast> Get()
    {
        return "data";
    }
    [HttpGet(Name = "weather_noauth")]
    public string<WeatherForecast2> Get()
    {
        return "data";
    }
}
q3qa4bjr

q3qa4bjr1#

这可能是因为证书在您的机器中不被识别为有效。您可能需要添加以下内容:

builder.Services.Configure<KestrelServerOptions>(options =>
{
    options.ConfigureHttpsDefaults(options =>
    {
        options.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
        options.AllowAnyClientCertificate();//important
    });
});

相关问题