I tried to validate the cert manually in Web API. The issue is that, every time, GetClientCertificate just returns null.
    var certRequest = actionContext.Request.GetClientCertificate();
    var message = certRequest == null ? "Certificate not found" : "Certificate found";
The IIS web site is https://testapi.web.com. The cert file attached to the SSL binding appears as DNS=*.web.com. There is another cert file in the cert store, but it is not mapped to the HTTPS binding; its DNS=cl-testapi.web.com.
I tried to supply both cert files from the client call, and each time GetClientCertificate returned null.
Client-side code:
    var handler = new HttpClientHandler()
    {
        SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls | SslProtocols.Ssl3 | SslProtocols.Ssl2
    };
    handler.ClientCertificates.Add(new X509Certificate2(@"c:\testcert.cer"));
    var client = new HttpClient(handler);
    var data = new StringContent([xmlcontent], Encoding.UTF8, "application/xml");
    var result = client.PostAsync("https://testapi.web.com", data).GetAwaiter().GetResult();
    var resultString = result.Content.ReadAsStringAsync().GetAwaiter().GetResult();
Can anyone suggest what is wrong with this?
I verified that IIS has "Accept" as the SSL setting. Also, both cert files are valid, and neither can be picked up by the server API when using 'GetClientCert'.
I also tried searching for the cert in the client cert store and attaching it:
    var handler = new HttpClientHandler()
    {
        SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls | SslProtocols.Ssl3 | SslProtocols.Ssl2
    };
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    var certCollection = store.Certificates.Find(X509FindType.FindByThumbprint, "thumbprintGUID COPIED FROM CLIENT CERT", false);
    handler.ClientCertificates.Add(certCollection[0]);
    var client = new HttpClient(handler);
    // Note: certCollection[0].HasPrivateKey is false here.
Update: Now requesting using a PFX file and password. I can see that the private key exists: certCollection[0].HasPrivateKey is true here. But the cert is still not received by GetClientCert.
You can try to correct the permissions on the c:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder to solve the 10013 error.
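
Added example, not part of the original question or answer: a client-side preflight check covering the two points this thread touches on, whether the certificate carries a private key (the HasPrivateKey observations in the question) and whether the process can actually use that key (the key-folder permissions in the answer). ClientCertPreflight and Check are hypothetical names, the sample certificate is constructed in memory, and CertificateRequest assumes .NET Framework 4.7.2 or later, or .NET Core.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertPreflight   // hypothetical helper, not from the post
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // EKU: TLS client authentication

    // Returns the reasons a certificate cannot serve as a TLS client certificate.
    public static List<string> Check(X509Certificate2 cert)
    {
        var problems = new List<string>();
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            problems.Add("outside validity period");
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("EKU present but lacks Client Authentication");
        // A .cer file holds only the public certificate, so there is nothing to sign with.
        if (!cert.HasPrivateKey) { problems.Add("no private key"); return problems; }
        try
        {
            // Force a real key operation: this fails if the process cannot read the key container.
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null) problems.Add("private key is not RSA; not checked here");
                else rsa.SignData(new byte[] { 1 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
        catch (CryptographicException ex)
        {
            problems.Add("private key present but not usable: " + ex.Message);
        }
        return problems;
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate and a public-only copy of it.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-client", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 withKey = req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30)))
            using (var publicOnly = new X509Certificate2(withKey.Export(X509ContentType.Cert)))
            {
                Console.WriteLine("with key:    [" + string.Join("; ", Check(withKey)) + "]");
                Console.WriteLine("public only: [" + string.Join("; ", Check(publicOnly)) + "]");
            }
        }
    }
}
```

Calling Check on a certificate before adding it to handler.ClientCertificates shows on the client side why it would not be usable for the TLS handshake.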