11

I have an ASP.Net core website deployed on Azure app service for Linux.

In the controller, I am trying to get the client certificate like below:

var callerCertificate = Request.HttpContext.Connection.ClientCertificate; 

I always get callerCertificate as null. I have tried await Request.HttpContext.Connection.GetClientCertificateAsync() with the same result: null.

My website webhost creation looks like below:

WebHost.CreateDefaultBuilder(args)
    .UseKestrel()
    .UseStartup<Startup>()
    .UseSerilog();

I have also set SSL setting for the website (in Azure) as below:

enter image description here

The client side caller is a net462 project that uses Microsoft.Rest.CertificateCredentials to set the certificate to HTTP request.

var cred = new CertificateCredentials(_deviceCertificate)
...
await this.cred.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
5
  • I solved it by exchanging the certificate file. See the description here: https://stackoverflow.com/questions/54833178/client-certificate-is-always-null/55279563#55279563 Commented Jul 11, 2019 at 20:05
  • @Tany are you able to solve this problem? Commented Mar 9, 2020 at 13:34
  • @AjayYadav Yeah. Look at my answer below. Commented Mar 11, 2020 at 0:35
  • Yes, I referred to that, but the certificate is still null. Commented Mar 12, 2020 at 5:00
  • .net 5 works with: webBuilder.ConfigureKestrel(o => { o.ConfigureHttpsDefaults(o => o.ClientCertificateMode = ClientCertificateMode.AllowCertificate); }); Commented Apr 12, 2022 at 11:28

2 Answers 2

4

You could try to add the certificate using HttpClient directly instead of using Microsoft.Rest.CertificateCredentials.

// Attach the client certificate explicitly instead of relying on automatic selection.
var clientHandler = new HttpClientHandler();
clientHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
clientHandler.ClientCertificates.Add(_deviceCertificate);

var client = new HttpClient(clientHandler);
// Blocks synchronously on the request.
var result = client.GetAsync("https://yourservice").GetAwaiter().GetResult();

You may also need to configure the SSL protocol (SSL2, SSL3, TLS, etc.):

clientHandler.SslProtocols = SslProtocols.Tls; 

3 Comments

The aim of what I need to achieve is to keep the client side the same and migrate the existing asp.net webapi website to an asp.net core website. Requiring the client to change would be a big breaking change, which I am trying to avoid. Nevertheless, I am going to try what you suggested and see if it works.
Yeah, at least it may give you more info about the underlying problem. Let me know how it goes...
It did not help. Controller is still not getting the certificate. :(
4

Answering my own question: I am able to get the client certificate from the header:

string clientCertFromHeader = Request.Headers["X-ARR-ClientCert"];

Though, it is still a mystery as to why Request.HttpContext.Connection.ClientCertificate is not giving the certificate.
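
Added example, not part of the original answer: on App Service, TLS ends at the platform front end, which forwards the client certificate base64-encoded in X-ARR-ClientCert without validating it, so the application has to check the certificate itself. The names ArrClientCert and Validate, the thumbprint allow-list policy and the self-signed sample certificate are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example; ArrClientCert and Validate are hypothetical names.
public static class ArrClientCert
{
    // Returns the certificate only if the header decodes to a certificate that
    // is inside its validity window and on the thumbprint allow-list; else null.
    public static X509Certificate2 Validate(string headerValue,
        ISet<string> allowedThumbprints, DateTime utcNow)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return null;
        X509Certificate2 cert;
        try { cert = new X509Certificate2(Convert.FromBase64String(headerValue)); }
        catch (Exception e) when (e is FormatException || e is CryptographicException)
        { return null; } // not base64, or not a certificate

        bool inWindow = utcNow >= cert.NotBefore.ToUniversalTime()
                     && utcNow <= cert.NotAfter.ToUniversalTime();
        if (inWindow && allowedThumbprints.Contains(cert.Thumbprint)) return cert;
        cert.Dispose();
        return null;
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate stands in for
        // the device certificate, base64-encoded the way the header carries it.
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=sample-device", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            var now = DateTimeOffset.UtcNow;
            using (var device = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
            {
                string header = Convert.ToBase64String(device.Export(X509ContentType.Cert));
                var allow = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { device.Thumbprint };
                var none = new HashSet<string>();
                Console.WriteLine(Validate(header, allow, DateTime.UtcNow) != null);             // case: allow-listed, in window
                Console.WriteLine(Validate(header, none, DateTime.UtcNow) != null);              // case: thumbprint not allow-listed
                Console.WriteLine(Validate(header, allow, DateTime.UtcNow.AddDays(60)) != null); // case: past NotAfter
                Console.WriteLine(Validate("not-base64!", allow, DateTime.UtcNow) != null);      // case: malformed header
            }
        }
    }
}
```

In ASP.NET Core 3.0 and later, the certificate forwarding middleware (services.AddCertificateForwarding with CertificateHeader set to "X-ARR-ClientCert", followed by app.UseCertificateForwarding()) fills HttpContext.Connection.ClientCertificate from the same header; the certificate still has to be validated by the application.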
