Currently there is no support for client certificates - App Service will supply a certificate but there's no code in place to validate that it is valid. This triggers a KICS analysis warning saying:
Website with Client Certificate Auth Disabled, Severity: HIGH
Obviously said certificate can be enabled but it won't do anything at the moment.
It would be nice to add certificate validation for this reason.
https://stackoverflow.com/questions/64309694/how-to-decode-x-arr-clientcert-header-using-python?noredirect=1#comment113737180_64309694
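One way an app could check the forwarded certificate, shown as an added example that is not code from this project: it base64-decodes the `X-ARR-ClientCert` header and accepts the request only if the certificate's SHA-256 thumbprint is on an allow-list. Thumbprint pinning, the function names, and the plain-dict headers are assumptions of this sketch; expiry and chain checks would need an X.509 library and are not covered.

```python
import base64
import binascii
import hashlib
import hmac

HEADER = "X-ARR-ClientCert"  # header in which App Service forwards the client certificate


class ClientCertRejected(Exception):
    """Raised when the forwarded certificate is missing, malformed or not pinned."""


def thumbprint_from_header(value):
    """Return the SHA-256 thumbprint (hex) of the base64 DER blob in the header."""
    if not value or not value.strip():
        raise ClientCertRejected("no client certificate forwarded")
    try:
        der = base64.b64decode(value.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ClientCertRejected("header is not valid base64") from exc
    # A DER certificate is an ASN.1 SEQUENCE, so the first byte must be 0x30.
    if len(der) < 2 or der[0] != 0x30:
        raise ClientCertRejected("header does not contain a DER SEQUENCE")
    return hashlib.sha256(der).hexdigest()


def require_pinned_cert(headers, allowed_thumbprints):
    """Accept the request only if the forwarded certificate is on the allow-list."""
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    seen = thumbprint_from_header(lowered.get(HEADER.lower()))
    for allowed in allowed_thumbprints:
        normalised = allowed.replace(":", "").lower()
        # compare_digest avoids leaking how many leading characters matched.
        if hmac.compare_digest(seen, normalised):
            return seen
    raise ClientCertRejected("certificate thumbprint is not on the allow-list")


# Constructed stand-in: a tiny DER SEQUENCE, not a real X.509 certificate.
SAMPLE_DER = bytes([0x30, 0x04, 0x02, 0x02, 0x12, 0x34])
SAMPLE_HEADER = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()
```

The header is only meaningful when the request actually arrived through the App Service front end with client certificates enabled; a missing header is treated as a rejection here.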