CODEWITHSUNDEEP
c#asp.net-corex509certificatedotnet-httpclientclient-certificates
Ernesto
Ernesto

Reputation: 31

ASP.NET Core Web API calling other Web API using Client Certificate getting 401

I have been trying to add a client certificate to the HttpClient in a .NET Core 1.1 WebAPI for the past 20 minutes and can not figure out what the issue is. When I debug the program and check to see if the certificate was attached with the handler, I am able to see the certificate. I still receive a 401 though. I know for certain that the certificate is properly installed on the other API as I am able to make calls using it from another program. The other program is using .NET Framework 4.5.2, but I doubt that would be the issue the code is almost identical. The only difference is I need to use HttpClientHandlerfor the .NET Core instead of WebRequestHandler.

.NET Core 1.1

string uri = "https://other-api-url.com/something";
try
{
    X509Certificate2 clientCert = GetClientCertificate();
    HttpClientHandler client = new HttpClientHandler();
    requestHandler.ClientCertificates.Add(clientCert);

    HttpClient client = new HttpClient(requestHandler)
    {
        BaseAddress = new Uri(uri)
    };

    HttpResponseMessage response = client.GetAsync("").Result;
    response.EnsureSuccessStatusCode();
    string responseContent = response.Content.ReadAsStringAsync().Result;
    return Ok(responseContent);
}
catch (Exception ex)
{
    return BadRequest(ex.Message + uri);
}

.NET Framework 4.5.2 Code:

string uri = "https://other-api-url.com/something";
try
{
    X509Certificate2 clientCert = GetClientCertificate();
    WebRequestHandler requestHandler = new WebRequestHandler();
    requestHandler.ClientCertificates.Add(clientCert);

    HttpClient client = new HttpClient(requestHandler)
    {
        BaseAddress = new Uri(uri)
    };

    HttpResponseMessage response = client.GetAsync("").Result;
    response.EnsureSuccessStatusCode();
    string responseContent = response.Content.ReadAsStringAsync().Result;
    return Ok(responseContent);
}
catch (Exception ex)
{
    return BadRequest(ex.Message + uri);
}

Upvotes: 1

Views: 1044

Answers (1)

Merhex
Merhex

Reputation: 25

It is an older post, but I had the same scenario using certificates.

Make sure the UseDefaultCredentials property on the HttpClientHandler is set to true. Because it is false by default.

See quote below from the HttpClientHandler class: https://learn.microsoft.com/en-us/dotnet/api/system.net.http.httpclienthandler.usedefaultcredentials?view=net-5.0#System_Net_Http_HttpClientHandler_UseDefaultCredentials

Set this property to true when requests made by the HttpClientHandler object should, if requested by the server, be authenticated using the credentials of the currently logged on user. For client applications, this is the desired behavior in most scenarios. For middle-tier applications, such as ASP.NET applications, instead of using this property, you would typically set the Credentials property to the credentials of the client on whose behalf the request is made.

Upvotes: 0

Related Questions