0

I have created custom middleware to parse every request to Web Api

Here is my Invoke method in a middleware class

    public async Task Invoke(HttpContext context)
    {
       if (!context.Request.Headers.Keys.Contains("X-ARR-ClientCert"))
        {
            context.Response.StatusCode = 400; //Bad Request                
            await context.Response.WriteAsync("Certificate header is missing");
            return;
        }         

        await _next.Invoke(context);
    }

Here is my client code

        string certFile = Console.ReadLine();//certificate path
        string certPassword = Console.ReadLine();//password
        string url = "xxxxxxxxxxxxxxx"; //service end point

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
        req.ClientCertificates.Add(GetCertFromFile(certFile,certPassword));
        HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
        using (var readStream = new StreamReader(resp.GetResponseStream()))
        {
            Console.WriteLine(readStream.ReadToEnd());
        }

But, below line returns false, because it do not contain X-ARR-ClientCert

     context.Request.Headers.Keys.Contains("X-ARR-ClientCert")

Where I can parse certificates in request ? specially locally in visual studio?

Questions: Certificate header defaults to X-ARR-ClientCert in Azure Web Apps. But when I use locally in visual studio what header does it use?

kudlatiger
  • 3,028
  • 8
  • 48
  • 98
  • 1
    usually done by a middleware package - why are you doing this yourself? – jazb Dec 13 '18 at 07:25
  • because I want to parse certificate and check if it's valid or expired. kind of custom validation. Also please provide detail on middleware package which does the same thing to me – kudlatiger Dec 13 '18 at 07:27
  • What web server are you running under? IIS makes the client certificate available to applications using the header `X-ARR-ClientCert`. Kestrel instead lets middleware see the certificate as `HttpContext.Connection.ClientCertificate`. – gnud Dec 13 '18 at 08:11
  • check this https://stackoverflow.com/questions/35582396/how-to-use-a-client-certificate-to-authenticate-and-authorize-in-a-web-api – Hitesh Anshani Dec 13 '18 at 08:28
  • @gnud I am locally running both client and server in a visual studio. I am not using IIS. But once tested well, I will move web API to Azure cloud. – kudlatiger Dec 13 '18 at 08:38
  • 1
    The development server in IIS does not, afaik, support SSL, and therefore it does not support client certificates. If you use IIS locally, you can have the header populated like Azure does. See https://blogs.msdn.microsoft.com/benjaminperkins/2014/06/02/configure-application-request-routing-arr-with-client-certificates/ – gnud Dec 13 '18 at 10:38
  • But I am using IIS Express of visual studio. Is there any other ways? – kudlatiger Dec 13 '18 at 10:40
  • @gnud If you mean IIS Express by `development server` then I can say with 100% certainty that SSL is supported since I use it daily. However I've never been able to trick IIS Express into accepting a client certificate. – No Refunds No Returns Dec 13 '18 at 20:01
  • what is the trick steps which make IIS Express into accepting a client certificate – kudlatiger Dec 14 '18 at 01:45

0 Answers0