2

My team is developing a .NET web application that will run across several windows servers and we would like to use RavenDB for persistence. We have a requirement from our client that user access to the RavenDB admin page will require the user to present a valid client certificate to be authenticated. We plan to run RavenDB hosted on IIS and configure IIS to require a client certificate for access to the website which require all requests to RavenDB to use a valid client certificate.

Typically in .NET attaching a client certificate to an http request can be done with HttpClient simply by adding an X509Certificate to a WebRequestHandler and passing that to the HTTPClient constructor, and I can see that the Raven.Client DocumentSession code uses HttpClient in its code but I didn't see any way to use the Raven.Client APIto attach a client certificate to my request when creating and using a DocumentStore or DocumentSession to save data to RavenDB.

Are there any good ways to use RavenDB Client API code to send a client certificate to authenticate my request?

Community
  • 1
  • 1
Tyler
  • 81
  • 1
  • 3

1 Answers1

2

Yes, you can do that using the ConfigureRequest event, see: https://github.com/ayende/ravendb/blob/v3.5/Raven.Client.WinRT/Connection/HttpJsonRequestFactory.cs#L28

This is accessible from docuemntStore.JsonRequestFactory.ConfigureRequest

Ayende Rahien
  • 22,925
  • 1
  • 36
  • 41
  • I had got distracted by the fact that JsonRequesrFactory is get only that I didn't think about the fact that the objects within it could be modified. This looks like it could work, I'm going to give it a try. – Tyler May 13 '16 at 13:50
  • It appears that the DocumentStore's JsonRequestFactory is not the only place where http requests are made to the server. I'm getting a "Could not contract master for new replication information" error from DocumentConvention so I think I need to find a way to a send a client certificate with that request first. – Tyler May 16 '16 at 16:09
  • Are you doing this after the `Initialize` method was called on the document store? – Ayende Rahien May 16 '16 at 16:22
  • I've tried it both before the Initialize method and after the Initialize method and I get the replication information error message (along with an exception message that shows a 403 error page) in either case. – Tyler May 16 '16 at 16:27
  • I'm getting the "Could not contact master for new replication information" error after calling the Initialize function. I can see from the code for DocumentStore that the value for jsonRequestFactory is being set inside of the Initialize function (meaning that any changes I make to jsonRequestFactory prior to calling Initialize are being overwritten). If something in Initialize is using jsonRequestFactory, then jsonRequestFactory is getting set and used in the same routine meaning there's no correct step at which I can add to ConfigureRequest without writing a new IDocumentStore implementation – Tyler May 16 '16 at 21:38
  • `Could not contact master for new replication information` can happen if you don't have replication setup. That is fine and handled. – Ayende Rahien May 19 '16 at 06:48