xavierjohn / ClientCertificateMiddleware

Asp.net core Client Certificate Middleware
MIT License

Not getting certificate in HandleAuthenticateAsync #4

Closed ravikumarsureshbabu closed 5 years ago

ravikumarsureshbabu commented 6 years ago

Hello, I am using the middleware for client certificate authentication.

I don't see the certificate sent from the client in Context.Connection.ClientCertificate.
I have configured IIS to allow certificate, configured ClientCertificateMode to allow certificate and also configured IISOptions to forward certificate. Still I don't see the certificate sent by the client.

Any suggestions please?

xavierjohn commented 6 years ago

You may have to configure it to Require Certificate instead of Allow on IIS.

ravikumarsureshbabu commented 6 years ago

I tried that too. It throws 403.

xavierjohn commented 6 years ago

Sorry, I have not tried it with IIS. I have only used it on Azure Web Site.

alecrespo commented 6 years ago

I managed to make this work on IIS, however there are some steps that need to be taken:

1.- Add this on the web.config:

`</system.webServer>`

2.- In IIS Feature Delegation change the SSL Settings to Read/Write

3.- In the Site SSL Settings check Require SSL and select Accept Client Certificate

4.- If the client certificate is self-signed (testing) you might need to disable Client Certificate Revocation (CRL) Check, as IIS will intercept the call and throw 403 in this case. You can verify if this feature is enabled on your IIS by the following command

`netsh http show sslcert`

Hope this helps out
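Added example (not from the thread or the project): a PowerShell helper that reads `netsh http show sslcert` output and reports, for each binding, the revocation-check setting mentioned in step 4 and whether HTTP.sys negotiates a client certificate during the handshake. The function name is hypothetical, the sample output is constructed with placeholder values, and the field labels assume English-language netsh output.

```powershell
# Added example, not code from the thread. Get-SslBindingClientCertSettings is a
# hypothetical helper; field labels assume English-language netsh output.
function Get-SslBindingClientCertSettings {
    param([Parameter(Mandatory)][string[]]$NetshOutput)

    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
            # A new binding starts: emit the previous one, if any.
            if ($null -ne $current) { [pscustomobject]$current }
            $current = [ordered]@{
                Binding             = $Matches[2]
                RevocationCheck     = 'unknown'
                NegotiateClientCert = 'unknown'
            }
        }
        elseif ($null -ne $current -and
                $line -match '^\s*Verify Client Certificate Revocation\s*:\s*(\S+)') {
            $current.RevocationCheck = $Matches[1]
        }
        elseif ($null -ne $current -and
                $line -match '^\s*Negotiate Client Certificate\s*:\s*(\S+)') {
            $current.NegotiateClientCert = $Matches[1]
        }
    }
    if ($null -ne $current) { [pscustomobject]$current }
}

# Constructed sample output (placeholder hash and application ID) so the parser runs offline.
$sample = @'
    IP:port                      : 0.0.0.0:443
    Certificate Hash             : <certificate-hash-placeholder>
    Application ID               : {<application-id-placeholder>}
    Certificate Store Name       : MY
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Negotiate Client Certificate : Disabled
'@ -split "`r?`n"

Get-SslBindingClientCertSettings -NetshOutput $sample | Format-Table -AutoSize

# On the IIS host, feed it the live output instead:
# Get-SslBindingClientCertSettings -NetshOutput (netsh http show sslcert) | Format-Table -AutoSize
```

A binding that reports `RevocationCheck` as `Enabled` is the case step 4 describes, where a self-signed test certificate is rejected with 403 before the request reaches the middleware.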

OscarCR88 commented 5 years ago

How about securing a stateless API inside a SF cluster? Looks like the cert header is not being sent, and as the service runs inside the cluster I don't know how not to run it as IIS Express. Any help please?

xavierjohn commented 5 years ago

> How about securing a stateless API inside a SF cluster? Looks like the cert header is not being sent, and as the service runs inside the cluster I don't know how not to run it as IIS Express. Any help please?

I don't think this has anything to do with Service Fabric. Sounds like one of two possible things: 1) The connection isn't HTTPS, which is required. 2) The client isn't sending a certificate.