Using client certificate in c# web application on Azure IIS

Question

I have a c# web API that uses a client certificate in order to connect to a third party identification provider (BankID https://www.bankid.com/en/).

When running in Visual Studio the connection handshake works fine. But then I deploy it to IIS running on a Virtual Machine on Azure, and for some reason now it doesn't work as expected, and instead I get an Exception:

"The request was aborted: Could not create SSL/TLS secure channel."

I've installed Visual Studio on the VM, and verified that it works; and I've installed IIS on ly local machine and verified that it works. So it seems to be a combination if IIS on Azure VM:s.

At first I thought it could be that the client certificate was'nt picked up from the certificate store. But I added handling of "no certificate found", and this doesn't trigger.

I've also tried the alternative of picking up the certificate from file. But this doesn't work either.

Would appreciate some help!

score 1 · Answer 1 · answered Oct 05 '17 at 08:56

I managed to figure out what the problem was. The IIS user (IIS_IUSRS) didn't have the permission to use the private key. So it wasn't actually related to Azure.

For anyone running into the same issue, look at the detailed answer here: https://stackoverflow.com/a/2647003/8721876.

score 0 · Answer 2 · answered Oct 04 '17 at 19:26

0

Try putting this in your constructor:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;

answered Oct 04 '17 at 19:26

Kyle

5,407
6
32
47

Using client certificate in c# web application on Azure IIS

2 Answers2