Request.HttpContext.Connection.ClientCertificate 始终为 null

Question

I have an ASP.Net core website deployed on Azure app service for Linux.

In the controller, I am trying to get the client certificate like below:

var callerCertificate = Request.HttpContext.Connection.ClientCertificate;

I always get callerCertificate as null . I have tried await Request.HttpContext.Connection.GetClientCertificateAsync() with same result null .

My website webhost creation looks like below:

WebHost.CreateDefaultBuilder(args)
                .UseKestrel()
                .UseStartup<Startup>()
                .UseSerilog();

I have also set SSL setting for the website (in Azure) as below:

The client side caller is a net462 project that uses Microsoft.Rest.CertificateCredentials to set the certificate to HTTP request.

var cred = new CertificateCredentials(_deviceCertificate)
...
await this.cred.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false);

Answer 1

You could try to add the certificate using HttpClient directly instead of using Microsoft.Rest.CertificateCredential .

var clientHandler = new HttpClientHandler();
clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
clientHandler.ClientCertificates.Add(_deviceCertificate);

var client = new HttpClient(clientHandler);
var result = client.GetAsync("https://yourservice").GetAwaiter().GetResult();

You may also need to configure the SSL protocol (SSL2, SSL3, TLS, etc.):

clientHandler.SslProtocols = SslProtocols.Tls;

Answer 2

Answering my own question: I am able to get the client certificate from header

string clientCertFromHeader = Request.Headers["X-ARR-ClientCert"];

Though, it is still a mystery as to why Request.HttpContext.Connection.ClientCertificate is not giving the certificate.