
How to test the Certificate Authentication for APIs in Postman

I am new to certificate authentication for APIs. With help from the internet, I was able to build code that accepts the client certificate during the TLS handshake when the API is invoked. I have now uploaded my PEM file in Postman (Settings >> Certificates) and am testing the API locally (localhost). My breakpoint is hit, but I do not see any certificate passed to the API. How can I configure certificate authentication for my APIs?

Sorry if my question is confusing; I tried my best to put it into words.

ServiceCollection class

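/// <summary>
/// Registers the certificate authentication scheme and a "RequireCertificate" authorization
/// policy. The identity issued for a request is a single Name claim holding the certificate's
/// subject CN.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <returns>The same <paramref name="services"/> instance, so calls can be chained.</returns>
public static IServiceCollection AddCertificateAuthentication(this IServiceCollection services) {
    services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme).AddCertificate(options => {
        // NOTE(review): both settings below are development-only. NoCheck skips revocation, and
        // CertificateTypes.All also accepts self-signed certificates, so any client can present a
        // certificate with an arbitrary CN and the Name claim issued below is not a trustworthy
        // identity on its own. Production should use CertificateTypes.Chained with a trusted issuer
        // (and revocation checking) so the CN is bound to a CA you control.
        options.RevocationMode = X509RevocationMode.NoCheck;
        options.AllowedCertificateTypes = CertificateTypes.All;
        options.Events = new CertificateAuthenticationEvents {
            OnCertificateValidated = context => {
                // The handler ignores this delegate's return value: the outcome has to be reported
                // through context.Success()/context.Fail(). Returning an AuthenticateResult here
                // would be discarded and the handler's default principal used instead.
                var cert = context.ClientCertificate;
                if (cert == null) {
                    context.Fail("No client certificate provided.");
                    return Task.CompletedTask;
                }

                // Extract Common Name (CN) from Subject
                var cn = ExtractCommonName(cert.Subject);
                if (string.IsNullOrEmpty(cn)) {
                    context.Fail("Invalid certificate: CN not found.");
                    return Task.CompletedTask;
                }

                var identity = new ClaimsIdentity(
                    new[] { new Claim(ClaimTypes.Name, cn) },
                    CertificateAuthenticationDefaults.AuthenticationScheme);
                context.Principal = new ClaimsPrincipal(identity);
                context.Success();
                return Task.CompletedTask;
            }
        };
    });

    services.AddAuthorization(options => {
        options.AddPolicy("RequireCertificate", policy => {
            policy.AddAuthenticationSchemes(CertificateAuthenticationDefaults.AuthenticationScheme);
            // The identity issued above carries only a Name claim, so a Role-claim requirement
            // could never be satisfied; require an authenticated (certificate) user instead.
            policy.RequireAuthenticatedUser();
        });
    });
    return services;

    // Returns the value of the first "CN=" RDN in a subject string, or null when there is none.
    // Splitting on ',' does not handle escaped commas inside an RDN value.
    string ExtractCommonName(string subject) {
        foreach (var part in subject.Split(',')) {
            var rdn = part.Trim();
            if (rdn.StartsWith("CN=", StringComparison.Ordinal)) {
                // Substring rather than Split('=') so a CN that itself contains '=' is kept whole.
                return rdn.Substring("CN=".Length);
            }
        }
        return null;
    }
}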

Startup.cs

// Registers the certificate scheme and the "RequireCertificate" policy from the
// ServiceCollection extension. NOTE(review): this only adds the services; the scheme
// only runs if the request pipeline also calls UseAuthentication() and
// UseAuthorization() — confirm in Configure.
services.AddCertificateAuthentication();

Program.cs

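/// <summary>
/// Builds the generic host: Kestrel is configured to request a client certificate during the
/// TLS handshake, then the Startup pipeline and the logging framework are attached.
/// </summary>
/// <param name="args">Command-line arguments forwarded to the default host builder.</param>
/// <returns>The configured, not yet built, host builder.</returns>
public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder => {
            webBuilder.ConfigureKestrel(options => {
                options.ConfigureHttpsDefaults(httpsOptions => {
                    // AllowCertificate makes Kestrel ask for a client certificate but still accept
                    // connections that present none; such requests then carry no certificate
                    // identity and are left to the authorization policy. RequireCertificate would
                    // reject them at the TLS layer instead.
                    // NOTE(review): with no ClientCertificateValidation callback set, Kestrel
                    // rejects certificates that fail chain validation against the machine trust
                    // store, so a test certificate from an untrusted issuer never reaches the
                    // authentication handler — confirm against the Kestrel version in use.
                    httpsOptions.ClientCertificateMode = ClientCertificateMode.AllowCertificate;
                });
            });

            webBuilder.UseStartup<Startup>();
        })
        .UseLoggingFramework();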
}

