I've seen Common Access Cards (CAC) being read into a program before, but I am now modifying an ASP.NET MVC application to use CAC authentication to sign into the app, which I have not done before. There seem to be no straightforward explanations for this issue out there, at least not for someone beginning like myself. My goal is to have the app request the client cert upon opening. Currently I have code to request the cert in a Startup class in the App_Start dir:

    // Reads the certificate IIS negotiated for the current request;
    // Request is only populated while an HTTP request is being handled.
    HttpClientCertificate cert = Request.ClientCertificate;
    // The indexer already returns a string, so ToString() is not needed.
    string cacid = cert["SubjectCN"];

When the app runs I get an empty cert back and cacid (string) comes back as an empty string. I have a CAC reader which shows up properly in my managed devices and a card to use. I am so new to this that I may not even know what questions to ask, but I'll give it a shot:

Does my site need to be set up in IIS Manager somehow? I have Anonymous Auth enabled.

Do I need ActivClient or Active Directory to implement or test this? What have I not considered that I need to test that this works properly?

  • "Currently I have code to request the cert in a Startup class in the App_Start dir" doesn't sound right. You can only access `.Request` in your MVC controller when there is actually a request coming. Also on IIS you need to ask for client certificates, https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/access – Lex Li Jun 25 '20 at 21:25

2 Answers


We need to configure how to authenticate the client with a certificate, either Many-to-One client certificate mapping or One-to-One client certificate mapping in IISClientCertificateMappingAuthentication, so that the server side requires a client to provide a certificate when accessing the website. For an IIS server that works with Active Directory certificate authentication installed, we chose ClientCertificateMappingAuthentication to configure that.
Client Authentication via X509 Certificates in asp.net
See these links for how to configure Many-to-One and One-to-One client certificate mapping:
https://support.microsoft.com/en-hk/help/2026113/configuring-many-to-one-client-certificate-mappings-for-internet-infor
https://learn.microsoft.com/en-us/iis/manage/configuring-security/configuring-one-to-one-client-certificate-mappings
After we disabled the other authentication modes in the IIS Authentication module and enabled IISClientCertificateMapping, the code below gets the client certificate information when a client provides a client certificate:

    HttpClientCertificate cert = Request.ClientCertificate;
    if (cert.IsPresent)
        TextBox1.Text = "Hello " + cert.Get("SUBJECTCN");   // subject CN of the presented certificate
    else
        TextBox1.Text = "No certificate was found.";

Feel free to let me know if there is anything I can help with.

Abraham Qian

I have a simple solution. Navigate to your site's SSL Settings in IIS, check the "Require SSL" checkbox, and under Client Certificates click "Require". Restart your application and you should be able to get your CAC authentication showing up.

Ron
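Putting the two answers and Lex Li's comment together in working MVC code: the authorization filter below is an added example, not code from the question or from either answer. It assumes the IIS settings Ron describes (Require SSL, client certificates set to Require; in web.config that is `sslFlags="Ssl, SslNegotiateCert, SslRequireCert"` on `system.webServer/security/access`, the element Lex Li linked), because `Request.ClientCertificate` stays empty until IIS actually asks the browser for a certificate. It also assumes the CAC subject CN ends in the 10-digit EDIPI; `RequireCacAttribute`, `ExtractEdipi` and `HomeController` are names chosen for this example. Because the filter runs inside a request, it sidesteps the problem of reading `Request` from a Startup class.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Added example (not from the question or either answer): an MVC authorization
// filter for CAC logon. Assumes IIS is set to "Require SSL" with client
// certificates "Require" (sslFlags="Ssl, SslNegotiateCert, SslRequireCert");
// otherwise Request.ClientCertificate is never populated.
public sealed class RequireCacAttribute : AuthorizeAttribute
{
    // OID for the Client Authentication extended key usage.
    private const string ClientAuthEku = "1.3.6.1.5.5.7.3.2";

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        HttpClientCertificate cert = httpContext.Request.ClientCertificate;

        // Empty when IIS never asked for a certificate, or the client sent none.
        if (!cert.IsPresent)
            return false;

        // IsValid reflects IIS's own check against the server's trust store;
        // the chain is re-validated below so the app does not rely on that alone.
        if (!cert.IsValid)
            return false;

        var x509 = new X509Certificate2(cert.Certificate);
        if (!ChainIsTrusted(x509) || !HasClientAuthEku(x509))
            return false;

        // Assumption: the CAC subject CN has the form LAST.FIRST.MIDDLE.EDIPI,
        // with the 10-digit EDIPI as the last dot-separated element.
        string subjectCn = x509.GetNameInfo(X509NameType.SimpleName, false);
        string edipi = ExtractEdipi(subjectCn);
        if (edipi == null)
            return false;

        // Identify the user by the EDIPI rather than the mutable display name.
        httpContext.User = new GenericPrincipal(
            new GenericIdentity(edipi, "ClientCertificate"), new string[0]);
        return true;
    }

    // Certificate logon has no login page to redirect to, so answer 403 instead.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new HttpStatusCodeResult(403, "A valid CAC certificate is required.");
    }

    private static bool ChainIsTrusted(X509Certificate2 x509)
    {
        var chain = new X509Chain();
        // Check revocation against the issuing CA (CRL/OCSP); Build() fails closed
        // when the chain does not end at a trusted root or revocation cannot be checked.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        return chain.Build(x509);
    }

    private static bool HasClientAuthEku(X509Certificate2 x509)
    {
        return x509.Extensions.OfType<X509EnhancedKeyUsageExtension>()
            .SelectMany(e => e.EnhancedKeyUsages.Cast<Oid>())
            .Any(o => o.Value == ClientAuthEku);
    }

    // Returns the EDIPI if the CN ends in exactly 10 digits, otherwise null.
    internal static string ExtractEdipi(string subjectCn)
    {
        if (string.IsNullOrEmpty(subjectCn))
            return null;
        string last = subjectCn.Split('.').Last();
        return last.Length == 10 && last.All(char.IsDigit) ? last : null;
    }
}

// Usage: decorate the controllers (or individual actions) that require CAC logon.
[RequireCac]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        ViewBag.Edipi = User.Identity.Name;   // set by RequireCacAttribute
        return View();
    }
}
```

If `cert.IsPresent` is still false with the filter in place, the problem is on the IIS side (the site is not asking for a certificate), not in the application code; if `IsPresent` is true but `IsValid` is false, the DoD issuing CA chain is not trusted by the server's machine store.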