Closed rudeGit closed 6 years ago
If you want to force the user to supply a certificate, you can change the following setting.
ClientCertificateMode = ClientCertificateMode.AllowCertificate,
to
ClientCertificateMode = ClientCertificateMode.RequireCertificate
Either way, if your configuration is correct, the request should not end up in your controller. In my demo, irrespective of the above setting, you will not be able to hit the controller method without the correct cert.
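The setting discussed above, shown in a complete Kestrel host as an added example (not code from this thread or from the demo project). The port, the `server.pfx` path, the `SERVER_PFX_PASSWORD` variable, the thumbprint placeholder and the `ValidateClient` helper are assumptions, and the client certificate is assumed to chain to a root the server trusts.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Server.Kestrel.Https;

public static class Program
{
    // Placeholder: thumbprint of the single client certificate this service trusts.
    private const string AllowedThumbprint = "<CLIENT-CERT-THUMBPRINT>";

    // Hypothetical helper. Returning false aborts the TLS handshake,
    // so the request never reaches the MVC pipeline or a controller.
    private static bool ValidateClient(X509Certificate2 cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null || errors != SslPolicyErrors.None) return false;            // missing cert or chain problems
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter) return false; // outside validity window
        return string.Equals(cert.Thumbprint, AllowedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main(string[] args)
    {
        WebHost.CreateDefaultBuilder(args)
            .UseKestrel(options =>
            {
                options.Listen(IPAddress.Loopback, 5001, listen =>
                {
                    listen.UseHttps(new HttpsConnectionAdapterOptions
                    {
                        // Assumed server certificate location and password source.
                        ServerCertificate = new X509Certificate2(
                            "server.pfx", Environment.GetEnvironmentVariable("SERVER_PFX_PASSWORD")),
                        // AllowCertificate lets a client connect without a certificate;
                        // RequireCertificate fails the handshake when none is sent.
                        ClientCertificateMode = ClientCertificateMode.RequireCertificate,
                        ClientCertificateValidation = ValidateClient
                    });
                });
            })
            // Only reached after the handshake, i.e. after ValidateClient returned true.
            .Configure(app => app.Run(ctx => ctx.Response.WriteAsync("client certificate accepted")))
            .Build()
            .Run();
    }
}
```

With `AllowCertificate` the same callback still runs for any certificate that is presented, but a client that sends none gets through the handshake, so the application has to check for a missing certificate itself.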
I would like to reject the request if a certificate is not supplied or an invalid one is supplied.
The code in its current form was not rejecting the request when a certificate is supplied. So I modified it to the following:
But the request still ends up in the controller. I also modified the Startup::ConfigureServices() method to set the options.DefaultForbidScheme property. I also tried to remove the IAuthenticationSchemeProvider implementation provided by MVC.
Not really sure what else to do here. How do I need to modify this code so that request is rejected when desired authentication fails?