immutabl

Reputation: 6903

Working with SSL client certificates embedded in the Request Header

To get around the problem of an SSL-terminating load balancer (it doesn't forward client certs to the application servers), our ISP has configured our environment such that client certificates are forwarded within the HTTP headers to the real servers (as X-Client-Cert).

I will be authenticating clients with a PIN mapped to the serial number of the certificate they've been issued with. But how do I get at the certificate from the custom header?

Upvotes: 7

Views: 31333

Answers (1)

Robert

Reputation: 42650

I assume you know that you can get the certificate data using

String s = Request.Headers["X-Client-Cert"];

The question is now in which format the certificate is added to the header. I would assume that it is encoded in Base64.

byte[] certdata = Convert.FromBase64String(s);

Then you can create the certificate object from it:

X509Certificate cert = new X509Certificate(certdata);

Depending on whether the load balancer checks the client certificate for validity (and whether it has been signed by the correct root CA) or not, you may have to check the validity of the certificate yourself.

Afterwards you can just read the serial number via cert.GetSerialNumber();

Upvotes: 7
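A fuller version of the steps in the answer above, as an added example that is not part of the original question or answer. It assumes .NET 5 or later (for `CertificateRequest` and `CryptographicOperations.FixedTimeEquals`), and it assumes the header carries either raw base64 DER or a PEM block whose line breaks the proxy URL-encoded, replaced with spaces, or dropped; `ParseHeader`, `IsIssuedByOurCa`, `Authenticate` and the `Demo Issuing CA` / `alice` certificates are all constructed here for illustration. Two points the answer leaves implicit are made explicit in the code: the certificate is validated as a chain pinned to the issuing CA rather than trusted because it parsed, and the serial number is looked up together with the issuer name, since serials are only unique per CA. The one thing no application code can check is that the load balancer overwrites any `X-Client-Cert` header a client sends itself; if it merely appends, anyone can present a header for another user's certificate, so that must be confirmed with the ISP.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.RegularExpressions;

public static class ClientCertHeaderAuth
{
    public const string HeaderName = "X-Client-Cert";

    // Assumption: the proxy forwards raw base64 DER, or a PEM block whose line breaks
    // were URL-encoded, replaced by whitespace, or removed. Normalise all of these.
    public static X509Certificate2 ParseHeader(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue))
            throw new ArgumentException("missing " + HeaderName + " header");
        string s = WebUtility.UrlDecode(headerValue);
        s = Regex.Replace(s, @"-----(BEGIN|END) CERTIFICATE-----", "");
        s = Regex.Replace(s, @"\s+", "");
        return new X509Certificate2(Convert.FromBase64String(s));
    }

    // Check signature, validity period and (per revocationMode) revocation, and pin the
    // chain to our own issuing CA instead of any root the machine happens to trust.
    public static bool IsIssuedByOurCa(X509Certificate2 cert, X509Certificate2 ca,
                                       X509RevocationMode revocationMode)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = revocationMode;
            chain.ChainPolicy.ExtraStore.Add(ca);
            // The issuing CA is not in the OS root store; tolerate that status and pin by thumbprint instead.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(cert)) return false;
            X509Certificate2 root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.Thumbprint == ca.Thumbprint;
        }
    }

    // Serial numbers are unique only within one issuer, so key the PIN table on both.
    public static string LookupKey(X509Certificate2 cert) => cert.Issuer + "|" + cert.SerialNumber;

    public static bool Authenticate(string headerValue, string pin, X509Certificate2 ca,
                                    IDictionary<string, string> pinBySerial, X509RevocationMode revocationMode)
    {
        X509Certificate2 cert;
        try { cert = ParseHeader(headerValue); }
        catch (Exception e) when (e is FormatException || e is CryptographicException || e is ArgumentException)
        { return false; }   // malformed header: treat as unauthenticated, never as a parse bug

        if (!IsIssuedByOurCa(cert, ca, revocationMode)) return false;
        if (!pinBySerial.TryGetValue(LookupKey(cert), out string expected)) return false;
        // Constant-time comparison so a wrong PIN cannot be narrowed down by timing.
        return CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(pin),
                                                        Encoding.UTF8.GetBytes(expected));
    }

    // Constructed demo: issue a throwaway CA and client certificate in memory, then push the
    // client certificate through the header path exactly as the load balancer would.
    public static void Main()
    {
        using (RSA caKey = RSA.Create(2048))
        using (RSA clientKey = RSA.Create(2048))
        {
            var caReq = new CertificateRequest("CN=Demo Issuing CA", caKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            caReq.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
            caReq.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(caReq.PublicKey, false));
            X509Certificate2 ca = caReq.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(5));

            var clientReq = new CertificateRequest("CN=alice", clientKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            clientReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
            byte[] serial = { 0x01, 0x02, 0x03, 0x04 };   // constructed serial for the demo
            X509Certificate2 client = clientReq.Create(ca, DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1), serial);

            // The value the load balancer would place in X-Client-Cert (base64 DER here).
            string header = Convert.ToBase64String(client.RawData);
            var pins = new Dictionary<string, string> { [LookupKey(client)] = "4711" };

            // The demo CA publishes no CRL, so revocation is skipped here; use Online or Offline in production.
            Console.WriteLine("correct PIN: " + Authenticate(header, "4711", ca, pins, X509RevocationMode.NoCheck));
            Console.WriteLine("wrong PIN:   " + Authenticate(header, "0000", ca, pins, X509RevocationMode.NoCheck));
            Console.WriteLine("garbage:     " + Authenticate("not-a-certificate", "4711", ca, pins, X509RevocationMode.NoCheck));
        }
    }
}
```

Inside an ASP.NET handler the header value comes from `Request.Headers["X-Client-Cert"]` as in the answer, and the issuing CA would be loaded once at startup from a file or store rather than generated. `X509Certificate2` is used instead of `X509Certificate` because its `SerialNumber` property already gives the hex string you want to key on; `X509Certificate.GetSerialNumber()` returns the raw bytes in little-endian order, which is easy to compare the wrong way round.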
