Mac

Reputation: 33

Client certificate is always null

I have a certificate installed under Personal as well as Trusted Root Certification Authorities.

Have tried using this bit of code to post to an endpoint:

    public void Post()
    {
        try
        {
            var clientCert = LoadFromStore("MyThumbprint");
            var requestHandler = new WebRequestHandler();

            requestHandler.ClientCertificates.Add(clientCert);

            var client = new HttpClient(requestHandler)
            {
                BaseAddress = new Uri("https://localhost:44430/")
            };

            var response = client.GetAsync("api/test").Result;
            response.EnsureSuccessStatusCode();

            string responseContent = response.Content.ReadAsStringAsync().Result;
            Console.WriteLine(responseContent);
        }
        catch (Exception ex)
        {
            Console.WriteLine("Exception while executing the test code: {0}", ex.Message);
        }
    }

Upon inspection the .ClientCertificate property is always null.

[Route("api/[controller]")]
public class TestController : Controller
{
    [HttpGet]
    public ActionResult<IEnumerable<string>> Get()
    {
        var clientCertInRequest = Request.HttpContext.Connection.ClientCertificate;
        if (clientCertInRequest != null) return Ok();

        return BadRequest("No certificate found");
    }

}

Wondering if anyone has come across this issue before or knows a way around posting a certificate to a Web API endpoint and being able to retrieve and validate it?

Many thanks

Upvotes: 2

Views: 5180

Answers (3)

Daniel Fisher lennybacon

Reputation: 4194

  1. Make sure you use real IIS and not Express, and disable TLS 1.3.
  2. Configure IIS so that it accepts certificates.
  3. Configure mapped certificates in config or Active Directory.
  4. Try the request in the browser and see if a certificate selection dialog pops up:
     • if not, diagnose based on the HTTP error sub-status code
     • if so, run your code again

Upvotes: 1

Guilherme Molin

Reputation: 403

.NET 6:

builder.WebHost.ConfigureKestrel(kestrel =>
{
    kestrel.ConfigureHttpsDefaults(https => https.ClientCertificateMode = ClientCertificateMode.AllowCertificate);
});

Older Versions:

return Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
            webBuilder.ConfigureKestrel(o =>
            {
                // Ask for (but do not require) a client certificate during the TLS handshake.
                o.ConfigureHttpsDefaults(https =>
                    https.ClientCertificateMode = ClientCertificateMode.AllowCertificate);
            });
        });

Upvotes: 2
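
The Kestrel setting above combined with the "retrieve and validate" part of the question, as an added example that is not code from the thread or from any poster. It assumes a .NET 6 minimal API with implicit usings; `AllowedThumbprint` is a placeholder, and the `IsAcceptedClient` helper with its pin-one-certificate policy is a hypothetical choice made for this illustration.

```csharp
// Added example (not from the original thread). Program.cs, .NET 6 minimal API.
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Server.Kestrel.Https;

// Assumption: placeholder for the thumbprint of the single client certificate to accept.
const string AllowedThumbprint = "<CLIENT-CERT-THUMBPRINT>";

var builder = WebApplication.CreateBuilder(args);

builder.WebHost.ConfigureKestrel(kestrel =>
{
    kestrel.ConfigureHttpsDefaults(https =>
    {
        // The default mode is NoCertificate: Kestrel never asks for a client
        // certificate, so Connection.ClientCertificate stays null.
        https.ClientCertificateMode = ClientCertificateMode.AllowCertificate;

        // Called during the TLS handshake when the client presents a certificate.
        // Returning false rejects the connection.
        https.ClientCertificateValidation = (cert, chain, errors) =>
            IsAcceptedClient(cert, errors);
    });
});

var app = builder.Build();

app.MapGet("/api/test", (HttpContext ctx) =>
{
    X509Certificate2? cert = ctx.Connection.ClientCertificate;
    // AllowCertificate still admits clients that send no certificate,
    // so the endpoint has to reject the null case itself.
    return cert is null
        ? Results.BadRequest("No certificate found")
        : Results.Ok(new { cert.Subject, cert.Thumbprint });
});

app.Run();

// Hypothetical policy: accept only the pinned certificate, inside its validity period.
bool IsAcceptedClient(X509Certificate2 cert, SslPolicyErrors errors)
{
    // A self-signed test certificate fails chain building. Chain errors are tolerated
    // here only because the exact certificate is pinned on the next line.
    bool onlyChainErrors = (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.None;
    bool pinned = string.Equals(cert.Thumbprint, AllowedThumbprint, StringComparison.OrdinalIgnoreCase);
    bool inValidity = DateTime.Now >= cert.NotBefore && DateTime.Now <= cert.NotAfter;
    return onlyChainErrors && pinned && inValidity;
}
```

If every caller must authenticate, `ClientCertificateMode.RequireCertificate` makes the handshake itself fail for clients that send no certificate.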

narlee

Reputation: 1

You must know that, on the server side, the certificate in the response depends on the certificate type / certificate content. I had the same issue when I pushed a self-signed certificate (generated locally in IIS): on the server, the certificate in the request was always null. But when I pushed a normal (public) certificate with a chain hierarchy, I was surprised because I received the certificate!!

So I recommend generating a public certificate the first time at one of the free certificate authorities, such as https://www.sslforfree.com/

Upvotes: 0
