Reputation: 6021
401.2 error when trying to authenticate with a client certificate
I'm trying to authenticate to a website using client certificates from a .net application.
Using the same certificate I can access the site using chrome and IE. On the same machine I get the error status code 401.2.
This is the code I'm using:
X509Certificate2 cert2 = new X509Certificate2(x509Cert);
cert2.PrivateKey = algorithm;
if (cert2.Verify() && cert2.HasPrivateKey)
{
WebRequestHandler handler = new WebRequestHandler();
handler.ClientCertificates.Add(cert2);
HttpClient client = new HttpClient(handler);
string result = await client.GetStringAsync("https://localhost:8443/");
}
EDIT:
I have now tried extracting the same certificate that the browsers use from the certificate store, but I still get the same error, and I have switched to using the older WebClient, again I get the same error.
Any clues would be appreciated!
Thanks
Ross
Upvotes: 1
Views: 1209
Answers (1)
Reputation: 6021
The issue wasn't my code, it was an IIS config issue.
Browsers were working because they were also sending my windows credentials - my app wasn't doing this which is why it failed.
I had to enable mapping client certificates to AD: http://www.iis.net/configreference/system.webserver/security/authentication/clientcertificatemappingauthentication
Then I had to disable windows auth on the site. The application then works as expected.
Upvotes: 0
Related Questions
- HttpClient Certificate Errors
- Add client certificate to .NET Core HttpClient
- Client certificate with HttpClient in c#
- Client certificate not included by HttpClientHandler in .net core
- HttpClient with client certificate loaded from file
- Client certificate is invalid with using HttpClient
- HttpClient isn't using Client Certificate for Mutual TLS Auth
- HttpWebRequest with client certificate always getting the error "The request was aborted: Could not create SSL/TLS secure channel."
- Two way authentication with HTTPClient
- Certificate set on HttpClientHandler not accepted by Server