Following this question and the answers I got, I've decided to follow the route of client certificates. However, I actually need to enforce security only on certain requests, and Microsoft's documentation confirms that this can't be expected of plain SSL authentication.
Here's what I need:
Is there a way to request client certificates from clients, but to also
You may set the client certificate to accept in SSL Settings of IIS
Accept will take a certificate if it's presented, but will also continue with connections where the client doesn't present one.
You may use the current authentication and authorization to check if the user is mapped to the current request to proceed with private API
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.