I have a certificate installed under Personal as well as Trusted Root Certification Authorities
Have tried using this bit of code to post to an endpoint:
public void Post()
{
try
{
var clientCert = LoadFromStore("MyThumbprint");
var requestHandler = new WebRequestHandler();
requestHandler.ClientCertificates.Add(clientCert);
var client = new HttpClient(requestHandler)
{
BaseAddress = new Uri("https://localhost:44430/")
};
var response = client.GetAsync("api/test").Result;
response.EnsureSuccessStatusCode();
string responseContent = response.Content.ReadAsStringAsync().Result;
Console.WriteLine(responseContent);
}
catch (Exception ex)
{
Console.WriteLine("Exception while executing the test code: {0}", ex.Message);
}
}
Upon inspection the .ClientCertificate property is always null.
[Route("api/[controller]")]
public class TestController : Controller
{
[HttpGet]
public ActionResult<IEnumerable<string>> Get()
{
var clientCertInRequest = Request.HttpContext.Connection.ClientCertificate;
if (clientCertInRequest != null) return Ok();
return BadRequest("No certificate found");
}
}
Wondering if anyone has come across this issue before or know a way around posting a certificate to webapi endpoint and be able to retrieve and validate?
Many thanks
.Net 6:
builder.WebHost.ConfigureKestrel(kestrel =>
{
kestrel.ConfigureHttpsDefaults(https => https.ClientCertificateMode = ClientCertificateMode.AllowCertificate);
});
Older Versions:
return Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
webBuilder.ConfigureKestrel(o =>
{
o.ConfigureHttpsDefaults(o =>
o.ClientCertificateMode =
ClientCertificateMode.AllowCertificate);
});
});
You must know, that on server-side in response certificate is depends on certificate type / certificate content. I had same issue, when I pushed self-signed certificate (generated locally in IIS): on server in request certificate was always null. But when I pushed normal (public) certificate , with chain hierarchy - I was surprised cause I received certificate!!
So I recommend to generate public certificate for the first time at free Certificate authorized centers, such as https://www.sslforfree.com/
Also I recommend you to look at MS source mode of System.Security.Cryptography.X509Certificates.x509certificate2 and other classes!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.