receiving X509 client certificates in web requests

2019-07-16 02:14发布

问题:

I am trying to send an X509Certificate from an Http Handler to a web service that will receive and read the certificate to authenticate the user. I know the certificate is sending fine; I have a tester that lets me look at the HttpWebRequest before sending, and the ClientCertificates property shows that it has a certificate attached. (e.g. request.ClientCertificates.Count = 1).

However, on the other side on the web service, HttpRequest.ClientCertificate is consistently showing NULL. I have looked at a number of Microsoft KB examples and all of them are using the same technique for inserting the certificate. Other unrelated articles show that HttpRequest.ClientCertificate is the preferred way of reading it in.

So what am I doing wrong, and how can I determine on the server that a client certificate was sent?

回答1:

Perhaps configuring your HttpListener with clientcertnegotiation=enable with netsh would help (this makes the server negotiate the client-certificate during the initial handshake, as opposed to using re-negotiation).

It may also depend on whether you've initialised the certificate on the client side with its private key, see Can't connect to HTTPS using X509 client certificate