Azure / api-management-samples

MIT License

Client certificate authentication #21

Open AdamMachera opened 6 years ago

AdamMachera commented 6 years ago

Hi,

Don't know if it is the right place to create APIM related bugs. But let me explain what I'm trying to check.

I have added an inbound processing rule:

```xml
<!-- Inbound section; the two <when> elements sit inside the enclosing <choose> -->
<choose>
    <!-- Reject when no client certificate was presented, or it was not issued by the expected CA -->
    <when condition="@(context.Request.Certificate == null || context.Request.Certificate.Issuer != "CN=AdentsVrsCA")">
        <return-response>
            <set-status code="403" reason="Invalid client certificate" />
        </return-response>
    </when>
    <!-- Reject when the presented certificate's thumbprint is not among the certificates uploaded to the APIM instance -->
    <when condition="@(!context.Deployment.Certificates.Any(c => c.Value.Thumbprint == context.Request.Certificate.Thumbprint))">
        <return-response>
            <set-status code="403" reason="Invalid client certificate 2" />
        </return-response>
    </when>
</choose>
```

  1. When I first connected to API I got 403 Invalid client certificate 2 status code.
  2. Next I uploaded to "Client certificates" tab my cert (azure portal)
  3. I was able to get response from backend
  4. Next I removed previously uploaded certificate from "Client certificates" tab
  5. What is weird is that I'm still able to get a response from the backend.
  6. If I try to connect to APIM using the next certificate that was not yet uploaded to the Client certificates tab, I'm getting 403.
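To make the two policy branches above easier to reason about, here is an offline model of them in Python. It is an added example, not code from the issue author or from the Azure samples repository. It assumes that a client certificate can be represented by its issuer string plus its DER bytes, and that the thumbprint is computed the way .NET's `X509Certificate2.Thumbprint` is (SHA-1 over the DER encoding, upper-case hex with no separators), which is the value `context.Request.Certificate.Thumbprint` and `context.Deployment.Certificates` expose to policy expressions. The certificate bytes and the `walk_through_steps` helper are constructed for the example.

```python
"""Offline model of the two client-certificate checks in the APIM policy above.

Assumptions (mine, not Azure's): a certificate is represented by its issuer
string and its DER bytes; the thumbprint is SHA-1 over the DER bytes, upper-case
hex without separators, i.e. the .NET X509Certificate2.Thumbprint format that
the policy expressions compare.
"""
from dataclasses import dataclass
import hashlib
from typing import Iterable, Optional, Tuple

EXPECTED_ISSUER = "CN=AdentsVrsCA"  # value taken from the policy on this page


@dataclass(frozen=True)
class ClientCert:
    issuer: str
    der: bytes  # DER-encoded certificate bytes


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, upper-case hex: the .NET Thumbprint format."""
    return hashlib.sha1(der).hexdigest().upper()


def evaluate_policy(cert: Optional[ClientCert],
                    deployment_thumbprints: Iterable[str]) -> Tuple[int, str]:
    """Return (status, reason) mirroring the two <when> branches.

    Branch 1: no certificate, or wrong issuer -> 403 "Invalid client certificate".
    Branch 2: issuer OK but the thumbprint is not among the certificates uploaded
              to the APIM instance -> 403 "Invalid client certificate 2".
    Otherwise the request is forwarded to the backend (modelled here as 200).
    """
    # The || in the policy short-circuits, so .Issuer is never read on a null cert.
    if cert is None or cert.issuer != EXPECTED_ISSUER:
        return 403, "Invalid client certificate"
    allowed = {t.upper() for t in deployment_thumbprints}
    if thumbprint(cert.der) not in allowed:
        return 403, "Invalid client certificate 2"
    return 200, "OK"


# Constructed sample data: these bytes are NOT real certificates, just stand-ins
# whose SHA-1 plays the role of a thumbprint.
GOOD_CERT = ClientCert(issuer=EXPECTED_ISSUER, der=b"constructed-client-cert-1")
OTHER_CERT = ClientCert(issuer=EXPECTED_ISSUER, der=b"constructed-client-cert-2")
FOREIGN_CERT = ClientCert(issuer="CN=SomeOtherCA", der=b"constructed-client-cert-1")


def walk_through_steps() -> dict:
    """Replay the reporter's steps against this model and collect the outcomes.

    'uploaded' stands for the Client certificates tab in the portal.
    """
    uploaded = set()
    results = {}
    # Step 1: nothing uploaded yet
    results["step1_before_upload"] = evaluate_policy(GOOD_CERT, uploaded)
    # Step 2/3: upload the certificate, request succeeds
    uploaded.add(thumbprint(GOOD_CERT.der))
    results["step3_after_upload"] = evaluate_policy(GOOD_CERT, uploaded)
    # Step 4/5: remove it again; the expressions as written reject the request
    uploaded.discard(thumbprint(GOOD_CERT.der))
    results["step5_after_removal"] = evaluate_policy(GOOD_CERT, uploaded)
    # Step 6: a certificate from the same CA that was never uploaded
    results["step6_other_cert"] = evaluate_policy(OTHER_CERT, uploaded)
    # Extra cases covered by the first branch
    results["no_cert"] = evaluate_policy(None, uploaded)
    results["wrong_issuer"] = evaluate_policy(FOREIGN_CERT, {thumbprint(FOREIGN_CERT.der)})
    return results


if __name__ == "__main__":
    for step, (code, reason) in walk_through_steps().items():
        print(f"{step}: {code} {reason}")
```

Evaluated literally, the expressions yield `403 Invalid client certificate 2` at step 5 once the thumbprint is gone from the uploaded set; the reporter instead still reached the backend, which is exactly the discrepancy this issue reports. The model also makes visible that the second branch keys purely on the thumbprint, so any certificate from the expected CA that has not been uploaded is rejected, matching step 6.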