1
votes

When I call my API from API Management (APIM) I do not see the certificate in the RequestContext or the header.


I have the following settings:

My App uses a Service Plan on Pricing Tier: Basic: 1 Small

I am on the Developer Program Benefit subscription

Which I believe means I have access to use Certificates


I uploaded the certificate to: Azure | APIM Instance | Publisher Portal | Security | Client Certificates

For the site

"clientCertEnabled": true,  

For the API scope

<inbound>
    <base />
    <authentication-certificate thumbprint="58D06D6E3265F6AE841527ABDF721F260871B6A5" />
</inbound>

APIM exposes the HTTPS URI of the API


I use this code in my AuthorizeAttribute class to read the certificate from the Request:

protected override bool IsAuthorized(HttpActionContext actionContext)
{
    var cert = actionContext.RequestContext.ClientCertificate;

And I use this in a controller Action:

X509Certificate2 clientCertInRequest = RequestContext.ClientCertificate;

I believe that all of this was working earlier in the week but as I am trying Azure out I wrote down what I did, destroyed my setup and started from scratch to test my understanding.

Now I'm stuck.

What have I missed out/done wrong?

1
Are you using an https ServiceURL? - Darrel Miller
Ah, that was it. I ticked HTTPS for Web API URL scheme so I expected the Web service URL to have detected that and changed. It doesn't. I guess it's a bug. - Richard210363
We allow the front end to be HTTPS and the backend to be HTTP, or vice versa. I've made the same mistake before though. Perhaps we can identify if you upload a certificate that you need to be using an HTTPS backend. - Darrel Miller
I added an answer just so we can keep track of which questions have been addressed and which haven't :-) - Darrel Miller
Ah, I didn't get that the 2 settings referred to different URLs. - Richard210363

1 Answer

2
votes

The backend Service URL also needs to be an HTTPS URL.
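
The mismatch resolved in this thread, written as a configuration check. This is an added example, not code from the question, the answer or APIM itself; the function name and the backend hostname are assumptions made for illustration. It flags an API whose inbound policy carries `authentication-certificate` while the effective backend URL is not HTTPS, and also catches thumbprints that are not exactly 40 hex characters.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# A SHA-1 thumbprint is exactly 40 hex characters; anything else (for example
# an invisible character picked up when copying it) will never match.
THUMBPRINT_RE = re.compile(r"^[0-9A-Fa-f]{40}$")

# The policy from the question, embedded so the check runs offline.
SAMPLE_POLICY = """<inbound>
    <base />
    <authentication-certificate thumbprint="58D06D6E3265F6AE841527ABDF721F260871B6A5" />
</inbound>"""


def check_backend_cert_config(policy_xml, service_url):
    """Return a list of findings for one API's policy and Web service URL."""
    findings = []
    root = ET.fromstring(policy_xml)
    inbound = root if root.tag == "inbound" else root.find("inbound")
    if inbound is None:
        return findings
    certs = inbound.findall(".//authentication-certificate")
    if not certs:
        return findings  # no client certificate configured, nothing to check

    # A set-backend-service policy overrides the API's configured service URL.
    effective_url = service_url
    for override in inbound.findall(".//set-backend-service"):
        effective_url = override.get("base-url", effective_url)

    scheme = urlparse(effective_url).scheme.lower()
    if scheme != "https":
        findings.append(
            f"backend URL {effective_url!r} is not https: the client "
            "certificate is only presented during a TLS handshake"
        )
    for cert in certs:
        thumb = cert.get("thumbprint")
        if thumb is not None and not THUMBPRINT_RE.match(thumb):
            findings.append(f"thumbprint {thumb!r} is not 40 hex characters")
    return findings


if __name__ == "__main__":
    # Constructed backend URL: HTTP service URL with a certificate policy.
    for finding in check_backend_cert_config(SAMPLE_POLICY, "http://backend.example.invalid/api"):
        print(finding)
```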