Specifying criteria for client certificate authentication #28466
Unanswered
thomaslevesque
asked this question in
Q&A
Replies: 1 comment 3 replies
What criteria did you have in mind? The only one I know of is the list of allowed cert issuers the server will accept. That feature isn't currently available for Kestrel, see dotnet/runtime#45456. That feature ask shows the existing IIS/Http.Sys for comparison. It's a bit complex, I don't know if app service would support it.
I need to set up client certificate authentication for a web app. I have a POC that works fine, except one thing: I can't figure out how to specify criteria for the client certificate (so that the browser only shows matching certificates when it prompts the user to pick one).
I know it's possible, because I've seen sites that did it, and the TLS RFC mentions that the CertificateRequest can contain extensions "describing the parameters of the certificate being requested".
However, I can't find a way to do this with ASP.NET Core. I need to support this on IIS (for hosting in Azure App Service) and, if possible, on Kestrel (for local development).
Is it even possible?
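For reference, an added example (not part of the discussion, and not ASP.NET Core or Kestrel code): a Python parser for the body of the TLS 1.3 CertificateRequest message the question refers to, showing where the issuer list mentioned in the reply sits (the `certificate_authorities` extension) next to `signature_algorithms` and `oid_filters`. The sample bytes, the issuer name and all function names are constructed for this example.

```python
# Extension types from RFC 8446 that can appear in a CertificateRequest.
SIGNATURE_ALGORITHMS, CERTIFICATE_AUTHORITIES, OID_FILTERS = 13, 47, 48

def take(buf, pos, len_bytes):
    """Read one length-prefixed vector at pos; return (payload, next position)."""
    start = pos + len_bytes
    end = start + int.from_bytes(buf[pos:start], "big")
    if start > len(buf) or end > len(buf):
        raise ValueError("truncated vector")
    return buf[start:end], end

def records(buf, *len_bytes):
    """Split buf into records of one length-prefixed field per entry in len_bytes."""
    pos, out = 0, []
    while pos < len(buf):
        fields = []
        for n in len_bytes:
            field, pos = take(buf, pos, n)
            fields.append(field)
        out.append(tuple(fields))
    return out

def parse_certificate_request(body):
    """Parse the body of a TLS 1.3 CertificateRequest (RFC 8446, section 4.3.2)."""
    context, pos = take(body, 0, 1)       # certificate_request_context
    extensions, pos = take(body, pos, 2)  # the selection criteria live here
    if pos != len(body):
        raise ValueError("trailing bytes after extensions")
    req = {"context": context, "signature_algorithms": [], "authorities": [], "oid_filters": []}
    pos = 0
    while pos < len(extensions):
        ext_type = int.from_bytes(extensions[pos:pos + 2], "big")
        data, pos = take(extensions, pos + 2, 2)
        if ext_type == SIGNATURE_ALGORITHMS:
            algs = take(data, 0, 2)[0]
            req["signature_algorithms"] = [hi << 8 | lo for hi, lo in zip(algs[::2], algs[1::2])]
        elif ext_type == CERTIFICATE_AUTHORITIES:  # DER-encoded issuer names
            req["authorities"] = [dn for (dn,) in records(take(data, 0, 2)[0], 2)]
        elif ext_type == OID_FILTERS:              # (extension OID, values) pairs
            req["oid_filters"] = records(take(data, 0, 2)[0], 1, 2)
    return req                                     # other extension types are skipped

def vec(payload, len_bytes):  # encoder, only used to build the sample below
    return len(payload).to_bytes(len_bytes, "big") + payload

# Constructed sample: empty context, two signature schemes, one issuer (CN=Example Client CA).
SAMPLE_DN = b"\x30\x1c\x31\x1a\x30\x18\x06\x03\x55\x04\x03\x0c\x11Example Client CA"
SAMPLE = vec(b"", 1) + vec(b"\x00\x0d" + vec(vec(b"\x04\x03\x08\x04", 2), 2)
                           + b"\x00\x2f" + vec(vec(vec(SAMPLE_DN, 2), 2), 2), 2)
```

Each entry in `authorities` is a DER-encoded X.501 Name; a client compares these against the issuer names in its own certificate chains when deciding which certificates to offer.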