We are developing an ASP.NET 5 project and one of the requirements is that user authentication is done through client certificates via browser, but I can't make this work.
Using web.config
and IIS the certificate is requested properly with this configuration:
<system.webServer>
<security>
<access sslFlags="Ssl, SslNegotiateCert" />
<authentication>
<iisClientCertificateMappingAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
But the client certificate does not arrive to the web application, as I understand it should be in context.Connection.ClientCertificate
property, where context
is the current HttpContext
.
I suspect that httpPlatformHandler
that tunnels IIS to Kestrel is ignoring https and this may be implemented in the future.
I have made some tests with an OWIN site (not DNX) and a custom AuthenticationHandler
that gets the X509 client certificate and works properly under IIS.
It looks like there has been some work done on this and a pull request and merge was done implementing this. So... hopefully we'll see it in a updated release of Kestrel.
See here: https://github.com/aspnet/KestrelHttpServer/pull/385
As I can read in the Change to IIS hosting model announcement:
- The HttpPlatformHandler currently does not forward client certs (this will be a future enhancement)
So, it seems that is not possible right now and httpPlaformHandler
must be fixed.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.