I have service hosted on IIS that uses SignalR to establish a persistent connection with a client.
I am attempting to implement client certificate authentication so that the server can verify that the client is a valid client based on the certificate they send. I am using Signalr's PersistentConnection.
Client: I create a Connection object, and i create a X.509 certificate which i add to the connection through:
var connection = new Connection("localhost:8060/TheService/connect");
connection.AddClientCertificate(certificate);
connection.Start().Wait();
When the client attempts to connect, I want to verify that the certificate that it provides is a valid certificate. So on the server side I override the AuthorizeRequest() method in SignalR's PersistentConnection:
public class MyConnection : PersistentConnection
{
protected override Task OnReceived(IRequest request, string connectionId, string data)
{
return Connection.Broadcast("Server Received: " + data);
}
protected override bool AuthorizeRequest(IRequest request)
{
INameValueCollection headers = request.Headers;
foreach (KeyValuePair<string, string> entry in headers)
{
Console.WriteLine("Key: {0}, Value: {1}", entry.Key, entry.Value);
Console.WriteLine("");
}
return true;
}
}
My question is: how do I retrieve the client certificate in the AuthorizeRequest method? I need SignalR to somehow gain access to the certificate so that I can verify it AuthorizeRequest and then either return false (bad cert), or return true (valid cert).
Thanks!
