2019年10月13日 星期日

[研究][C#][ASP.NET] 加簽寄信 (使用 MailKit 和 MimeKit)

[研究][C#][ASP.NET] 加簽寄信4 (使用 MailKit 和 MimeKit)

2019-10-13, 2020-01-21, 2021-11-29 更新
2022-06-06 Email憑證建議改用憑證序號抓

********************************************************************************
相關3篇

[研究][C#][ASP.NET] 加簽寄信 (使用 MailKit 和 MimeKit)
https://shaurong.blogspot.com/2019/10/caspnet-mailkit-mimekit_13.html

[研究][C#][ASP.NET] 寄信 (使用 MailKit 和 MimeKit)
https://shaurong.blogspot.com/2019/10/caspnet-mailkit-mimekit_11.html

[研究][C#][ASP.NET] 加簽寄信 (使用 System.Net.Mail.MailMessage)
https://shaurong.blogspot.com/2019/10/caspnet-systemnetmailmailmessage.html
更新補充一些資訊,更新到 2021-11-29

********************************************************************************

環境:Visual Studio 2019
NuGet 要安裝 MailKit 和 System.Data.SQLite

注意:certdb.sqlite 要加入方案中,deploy 才會出去。

Web.Config 部分

<?xml version="1.0" encoding="utf-8"?>
<configuration>
	<appSettings>
		<add key="EmailCertificateSN" value="郵件憑證序號" />
	</appSettings>
</configuration>




using MailKit.Net.Smtp;
using MailKit.Security;
using MimeKit;
using MimeKit.Cryptography;
using System;
using System.Data.SQLite;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

namespace WebApplication2
{
    // http://www.mimekit.net/docs/html/Working-With-SMime.htm
    public class MySecureMimeContext : DefaultSecureMimeContext
    {
        //public MySecureMimeContext()
        //    : base(OpenDatabase("C:\\wherever\\certdb.sqlite"))
        //{}

//        public MySecureMimeContext(): //base(OpenDatabase(@"C:\CodeTemp\WebApplication2\WebApplication2\certdb.sqlite"))
//        {}

        static string dbPath = HttpContext.Current.Server.MapPath("/App_Data/");
        public MySecureMimeContext() : base(OpenDatabase(dbPath + "certdb.sqlite"))
        { }

        static IX509CertificateDatabase OpenDatabase(string fileName)
        {
            var builder = new SQLiteConnectionStringBuilder();
            builder.DateTimeFormat = SQLiteDateFormats.Ticks;
            builder.DataSource = fileName;

            if (!File.Exists(fileName))
                SQLiteConnection.CreateFile(fileName);

            var sqlite = new SQLiteConnection(builder.ConnectionString);
            sqlite.Open();

            return new SqliteCertificateDatabase(sqlite, "password");
        }
    }
    public partial class Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
         
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            // http://www.mimekit.net/docs/html/Creating-Messages.htm
            var message = new MimeMessage();
            message.From.Add(new MailboxAddress("xxxx", "有申請憑證的@test.com"));
            message.To.Add(new MailboxAddress("yyy", "yyy@mail2000.com.tw"));
            message.Subject = "Mail2000 send Test (vis IIS SMTP localhost)";

            message.Body = new TextPart("plain")
            {
                Text = @"Hey Alice,

What are you up to this weekend? Monica is throwing one of her parties on
Saturday and I was hoping you could make it.

Will you be my +1?

-- Joey
"
            };

            // http://www.mimekit.net/docs/html/Working-With-SMime.htm

            // Note: by registering our custom context it becomes the default S/MIME context
            // instantiated by MimeKit when methods such as Encrypt(), Decrypt(), Sign(), and
            // Verify() are used without an explicit context.

            CryptographyContext.Register(typeof(MySecureMimeContext));

            X509Store store = new X509Store("My", StoreLocation.LocalMachine);

            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            //如果新舊憑證都尚未過期,會抓到舊的憑證
             //X509Certificate2 signCert = store.Certificates.Find(X509FindType.FindBySubjectName, "憑證名稱", false)[0];

            // 抓 Web.Config 中設定的Email憑證序號           
            setting = ConfigurationManager.AppSettings["EmailCertificateSN"];
            string emailCertificateSN = setting.ToString();
            //用 Email憑證序號抓比較不會抓錯
           X509Certificate2 signCert = store.Certificates.Find(X509FindType.FindBySerialNumber, emailCertificateSN, false)[0];


// X509Certificate2 signCert = store.Certificates.Find(X509FindType.FindByThumbprint, "12339f33449f0cc767feb69e6dc2774ce10c1f60", false)[0];

            // VS 2019 中正常,deploy 後執行,出現錯誤「機碼組不存在」
           // 要用 MMC 設定 Email 憑證可讓 IIS_IUSRS 存取
            CmsRecipient recipient = new CmsRecipient(signCert);

            CmsRecipientCollection colle = new CmsRecipientCollection();
            colle.Add(recipient);

            using (var ctx = new MySecureMimeContext())
            //using (var ctx = new TemporaryMimeContext())
            {
                // Note: this assumes that the Sender address has an S/MIME signing certificate
                // and private key with an X.509 Subject Email identifier that matches the
                // sender's email address.
                var ctxsender = message.From.Mailboxes.FirstOrDefault();

                CmsSigner signer = new CmsSigner(signCert);
                message.Body = MultipartSigned.Create(ctx, signer, message.Body);
                //var signed = MultipartSigned.Create(ctx, signer, message.Body);

                //var encrypted = ApplicationPkcs7Mime.Encrypt(ctx, colle, signed);

                //message.Body = MultipartSigned.Create(ctx, signer, encrypted);
                //message.Body = MultipartSigned.Create(ctx, signer, signed);


                // MimeKit.Cryptography.CertificateNotFoundException
                // A valid signing certificate could not be found.
                //message.Body = MultipartSigned.Create(ctx, ctxsender, DigestAlgorithm.Sha1, message.Body);
            }

            // http://www.mimekit.net/docs/html/M_MailKit_Net_Smtp_SmtpClient__ctor.htm
            using (var client = new SmtpClient())
            {
                //  IIS SMTP 要設定 None,Auto 會失敗
                //client.Connect("localhost", 25, SecureSocketOptions.None);

                client.Connect("localhost", 25, SecureSocketOptions.Auto);

                //client.Authenticate("zzzz@gmail.com", "密碼");

                try
                {
                    //foreach (var message in messages)
                    //{
                    client.Send(message);
                //}
             
                    client.Disconnect(true);
                    Label1.Text = "成功寄出。";
                }
                catch (Exception ex)
                {
                    if (ex!=null)
                    {
                        Label1.Text = ex.Message.ToString();
                    }
                    else
                    {
                        Label1.Text = "不明錯誤。";
                    }
                }
            }
        }
    }
}






********************************************************************************
若出現錯誤:
無法加載 DLL「SQLite.Interop.DLL」: 找不到指定的模塊。 (異常來自 HRESULT:0x8007007E)。






********************************************************************************
若 deploy 程式碼失敗,出現錯誤

2020/1/21 下午 03:22:17
System.AggregateException: 發生一或多項錯誤。 ---> System.Exception: 建置失敗。如需詳細資料,請查看 [輸出] 視窗。
   --- 內部例外狀況堆疊追蹤的結尾 ---
   於 System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   於 System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   於 Microsoft.WebTools.Publish.PublishService.VsWebProjectPublish.<>c__DisplayClass43_0.<PublishAsync>b__3()
   於 System.Threading.Tasks.Task`1.InnerInvoke()
   於 System.Threading.Tasks.Task.Execute()
--- 先前擲回例外狀況之位置中的堆疊追蹤結尾 ---
   於 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   於 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   於 Microsoft.Publish.Framework.ViewModel.ProfileSelectorViewModel.<RunPublishTaskAsync>d__213.MoveNext()
---> (內部例外狀況 #0) System.Exception: 建置失敗。如需詳細資料,請查看 [輸出] 視窗。<---

System.Exception: 建置失敗。如需詳細資料,請查看 [輸出] 視窗。

===================

若要砍掉 SQLite.Interop.dll 失敗

可先停用「World Wide Web Publishing 服務」,就可以砍掉。


********************************************************************************
問題:機碼組不存在

解決:因為 IIS 沒有憑證存取權限,給它權限。














********************************************************************************

(完)

相關

mimekit - 在MimeKit上,簽名和加密
http://hant.ask.helplib.com/mimekit/post_4274560

MailKit Documentation - Creating messages
http://www.mimekit.net/docs/html/Creating-Messages.htm
有簡單寄信範例 (但沒有加簽)

MailKit Documentation - Digitally Signing Messages using S/MIME
http://www.mimekit.net/docs/html/Working-With-SMime.htm#Sign

.NET Framework 中過時的類型
https://docs.microsoft.com/zh-tw/dotnet/framework/whats-new/obsolete-types
System.Web.Mail.SmtpMail 過時,建議的替代做法是 System.Net.Mail.SmtpClient。

System.Net.Mail.SmtpClient
https://docs.microsoft.com/zh-tw/dotnet/api/system.net.mail.smtpclient?view=netframework-4.8
System.Net.Mail.SmtpClient 淘汰,建議改用 https://github.com/jstedfast/MailKit 和 https://github.com/jstedfast/MimeKit

GitHub - jstedfast/MailKit: A cross-platform .NET library for IMAP, POP3, and SMTP.
https://github.com/jstedfast/MailKit

GitHub - jstedfast/MimeKit: A .NET MIME creation and parser library with support for S/MIME, PGP, DKIM, TNEF and Unix mbox spools.
https://github.com/jstedfast/MimeKit

[研究][C#][ASP.NET] 加簽寄信 (使用 System.Net.Mail.MailMessage)
https://shaurong.blogspot.com/2019/10/caspnet-systemnetmailmailmessage.html

[研究][C#]加密加簽寄信(使用Cpi.Net.SecureMail)(一)
http://shaurong.blogspot.com/2017/02/ccpinetsecuremail.html

[研究][C#]加密加簽寄信(使用Cpi.Net.SecureMail)(二)
http://shaurong.blogspot.com/2017/02/ccpinetsecuremail_13.html

[研究][C#][ASP.NET] IIS SMTP 寄信失敗,拒絕存取路徑
https://shaurong.blogspot.com/2019/10/caspnet-iis-smtp.html

[研究] [ASP.NET] [C#] [WebForm] 寄信問題
http://shaurong.blogspot.com/2017/06/aspnet-c-webform.html

An S/MIME Library for Sending Signed and Encrypted E-mail
Pete Everett, 15 Jul 2010
https://www.codeproject.com/Articles/41727/An-S-MIME-Library-for-Sending-Signed-and-Encrypted

ASP.NET寄發加密加簽信件
https://www.nccst.nat.gov.tw/ArticlesDetail?lang=zh&seq=1160

Cpi.Net.SecureMail
https://www.codeproject.com/script/Content/ViewAssociatedFile.aspx?rzp=%2FKB%2Fsecurity%2FCPI_NET_SecureMail%2F%2FCpi.Net.SecureMail_src.zip&zep=Cpi.Net.SecureMail_src%2FCpi.Net.SecureMail%2FSecureMailMessage.cs&obid=41727&obtid=2&ovid=5

如何透過 .NET 送出一個包含 S/MIME 簽章的郵件
2009/06/06 21:20
https://blog.miniasp.com/post/2009/06/06/How-to-send-s-mime-email-using-net


沒有留言:

張貼留言