不得不吐槽, 國內的各種開發資料網站已經... 是黃了嗎? 還是百度已經黃了?
今天打開開發的asp.net core2.幾的項目, 一F5運行后瀏覽器說無法提供安全連接, 大意就是https證書不行了, 我也不知道為什么突然給我來這么一出, 昨天還好好的. 然后反正我用百度搜了好久, 來來回回就是csdn啊cnblog啊和一些其它記不行名字的網站, 各種資料全是相互抄, 雖然我瀏覽了好幾個站點, 但是我其實只看到了最多3份資料.
屁話就不說了, 以下是內容:
先在PowerShell里運行以下, 生成證書:
# setup certificate properties including the commonName (DNSName) property for Chrome 58+ $certificate = New-SelfSignedCertificate ` -Subject localhost ` -DnsName localhost ` -KeyAlgorithm RSA ` -KeyLength 2048 ` -NotBefore (Get-Date) ` -NotAfter (Get-Date).AddYears(2) ` -CertStoreLocation "cert:CurrentUser\My" ` -FriendlyName "Localhost Certificate for .NET Core" ` -HashAlgorithm SHA256 ` -KeyUsage DigitalSignature, KeyEncipherment, DataEncipherment ` -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") $certificatePath = 'Cert:\CurrentUser\My\' + ($certificate.ThumbPrint) # create temporary certificate path $tmpPath = "C:\tmp" If(!(test-path $tmpPath)) { New-Item -ItemType Directory -Force -Path $tmpPath } # set certificate password here $pfxPassword = ConvertTo-SecureString -String "YourSecurePassword" -Force -AsPlainText $pfxFilePath = "c:\tmp\localhost.pfx" $cerFilePath = "c:\tmp\localhost.cer" # create pfx certificate Export-PfxCertificate -Cert $certificatePath -FilePath $pfxFilePath -Password $pfxPassword Export-Certificate -Cert $certificatePath -FilePath $cerFilePath # import the pfx certificate Import-PfxCertificate -FilePath $pfxFilePath Cert:\LocalMachine\My -Password $pfxPassword -Exportable # trust the certificate by importing the pfx certificate into your trusted root Import-Certificate -FilePath $cerFilePath -CertStoreLocation Cert:\CurrentUser\Root # optionally delete the physical certificates (don’t delete the pfx file as you need to copy this to your app directory) # Remove-Item $pfxFilePath Remove-Item $cerFilePath
2, copy到項目根目錄
3, 根目錄下放如下文件:
certificate.json:
{ "certificateSettings": { "fileName": "localhost.pfx", "password": "YourSecurePassword" } }
3, 修改以下源碼文件:
Programe.cs:
public class Program { public static void Main(string[] args) { var config = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddEnvironmentVariables() .AddJsonFile("certificate.json", optional: true, reloadOnChange: true) .AddJsonFile($"certificate.{Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")}.json", optional: true, reloadOnChange: true) .Build(); var certificateSettings = config.GetSection("certificateSettings"); string certificateFileName = certificateSettings.GetValue<string>("filename"); string certificatePassword = certificateSettings.GetValue<string>("password"); var certificate = new X509Certificate2(certificateFileName, certificatePassword); var host = new WebHostBuilder() .UseKestrel( options => { options.AddServerHeader = false; options.Listen(IPAddress.Loopback, 44321, listenOptions => { listenOptions.UseHttps(certificate); }); } ) .UseConfiguration(config) .UseContentRoot(Directory.GetCurrentDirectory()) .UseStartup<Startup>() .UseUrls("https://localhost:44321") .Build(); host.Run(); } }
Startup.cs:
public void ConfigureServices(IServiceCollection services) { // ... services.AddMvc( options => { options.SslPort = 44321; options.Filters.Add(new RequireHttpsAttribute()); } ); services.AddAntiforgery( options => { options.Cookie.Name = "_af"; options.Cookie.HttpOnly = true; options.Cookie.SecurePolicy = CookieSecurePolicy.Always; options.HeaderName = "X-XSRF-TOKEN"; } ); // ... }