Reputation: 1
ASP.NET Core TLS client certificate authentication only for a specific API location
Is it possible in ASP.NET Core (standalone) to activate authentication with client certificates only for a specific location (API or Page)? With IIS is it possible to define a configuration file for a folder.
<configuration>
<system.webServer>
<security>
<access sslFlags="Ssl,SslNegotiateCert,SslRequireCert" />
</security>
</system.webServer>
</configuration>
Can I configure the ASP.Net Core Kestrel server in a similar way?
Upvotes: 0
Views: 784
Answers (1)
Reputation: 2707
Steeltoe provides a client certificate auth library that is based on Microsoft's client certificate authentication but allows authorization policies to be applied per-endpoint.
It was built with some additional features specific to Cloud Foundry (including pre-built authorization policies based on data inside the certificate), but you can likely ignore those pieces or build your own policies. There are some sample apps in this repo that should help demonstrate how it works
Upvotes: 1
Related Questions
- .Net Core Web API with Client Certificate Authentication
- Use different Authorization for one specific endpoint, .net core
- How to configure IIS to define Client Certificate required on a specific endpoint when routing make endpoint path different from physical path
- Require SSL Client Certificate only for specific routes or controllers
- DotNet Core Api - Different Authentication for specific endpoints
- Consume web API with client certificate authentication in C#
- How to secure endpoints on api resource based on client in identityserver
- Selectively Accept Client Certificates in ASP.Net WebAPI
- Disable SSL client certificate on *some* WebAPI controllers?
- ASP.NET WebApi - How do I "allow", but not "require" client certificates?