I have problems with configuring my ASP.NET Web API service to authenticate requests by client certificates.
I do the steps described in Pro ASP.NET Web API Security:
- I create certificates using makecert.exe

      makecert.exe -r -n "CN=MobileTradeDataGateway" -pe -sv MobileTradeDataGateway.pvk -a sha256 -cy authority MobileTradeDataGateway.cer

  and

      makecert.exe -iv MobileTradeDataGateway.pvk -ic MobileTradeDataGateway.cer -n "CN=DataGateway1" -pe -sv DataGateway1.pvk -a sha256 -sky exchange DataGateway1.cer -eku 1.3.6.1.5.5.7.3.2

- I install the MobileTradeDataGateway certificate in the server's Trusted Root Certification Authorities, and in the client's too. I install DataGateway1 in the client's personal authority.
- Configure site to accept certificates and enable. Enable anonymous authentication.
- Create a DelegatingHandler and add it to the MessageHandlers collection in MVC to check certificates.

Call the Web API method:

    using System;
    using System.Net.Http;
    using System.Security.Cryptography.X509Certificates;

    // Pick the client certificate from the current user's store by issuer name
    var certStore = new X509Store(StoreLocation.CurrentUser);
    certStore.Open(OpenFlags.ReadOnly);
    var collection = certStore.Certificates.Find(X509FindType.FindByIssuerName, "MobileTradeDataGateway", true);
    var cert = collection[0];
    certStore.Close();

    // Attach the certificate to the outgoing request
    var messageHandler = new WebRequestHandler();
    messageHandler.ClientCertificates.Add(cert);
    var client = new HttpClient(messageHandler) { BaseAddress = new Uri("...") };
    var res = client.GetAsync("/api/orderuploader?number=5").Result;

Everything works fine on my local machine and on the network where my machine is the server.
But when I deploy it to an Azure cloud service I get null

    var cert = request.GetClientCertificate(); // here is null

in my custom delegating handler.
Of course, I enable IIS to accept certificates and correctly put the certificates in Trusted Root Certification Authorities.
Any ideas?
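
The certificate-checking DelegatingHandler from the steps above, as an added example that is not part of the original post. The class name `ClientCertificateHandler`, the response codes and the skipped revocation check are assumptions; the issuer name comes from the makecert commands in the question.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler; register with config.MessageHandlers.Add(new ClientCertificateHandler()).
public class ClientCertificateHandler : DelegatingHandler
{
    // Subject of the issuing certificate created by the first makecert command.
    private const string ExpectedIssuer = "CN=MobileTradeDataGateway";

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        X509Certificate2 cert = request.GetClientCertificate();

        // null means no certificate reached the application for this request.
        if (cert == null)
            return Reject(request, HttpStatusCode.Unauthorized, "Client certificate required.");

        if (!IsAcceptable(cert))
            return Reject(request, HttpStatusCode.Forbidden, "Client certificate rejected.");

        return base.SendAsync(request, cancellationToken);
    }

    private static bool IsAcceptable(X509Certificate2 cert)
    {
        var chain = new X509Chain();
        // Assumption: makecert test certificates carry no CRL location, so revocation is skipped.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        // Build() checks validity dates and that the chain ends in a trusted root on this machine.
        if (!chain.Build(cert))
            return false;

        // Accept only certificates issued by the gateway CA, not by any other trusted root.
        return string.Equals(cert.Issuer, ExpectedIssuer, StringComparison.OrdinalIgnoreCase);
    }

    private static Task<HttpResponseMessage> Reject(
        HttpRequestMessage request, HttpStatusCode status, string reason)
    {
        return Task.FromResult(request.CreateErrorResponse(status, reason));
    }
}
```

Returning a distinct status for a missing certificate and for a rejected one makes it visible in the response whether the certificate never arrived or arrived and failed validation.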