Client certificate based authentication

Asked Mar 23 '18 at 05:51

Active Mar 23 '18 at 05:51

Viewed 400 times

Is there any way to authorize client based on certificate but access limited to specific controller or action in WEB API.

Suppose i have two controller having name A and B, and have two clients X and Y.

Where i want like this,

Client X can access only Controller A and Client Y can access only Controller B based on the certificate issued to them.

asked Mar 23 '18 at 05:51

Sunil Shrestha

https://stackoverflow.com/questions/35582396/how-to-use-a-client-certificate-to-authenticate-and-authorize-in-a-web-api Can you see this? – Mohammed Gadi Mar 23 '18 at 05:58
As per Ogglas answer, certificate is verifying based on the rootThumbprint and clientThumbprint value store in app settings what if client certificate is expired and renewed? Is It same after renewing? – Sunil Shrestha Mar 23 '18 at 06:18
No, a thumbprint is not the same after renewing (either with the same key or a different key) – bartonjs Mar 23 '18 at 06:22
so is there is any way to validate certificate without storing the thumbprint in web config? – Sunil Shrestha Mar 23 '18 at 06:26

0 Answers0