I'm using Microsoft HTTP Client Libraries from NuGet and I'm basically trying to allow TLS authentication in HttpClient using X509Certificate2 certificates.
I have tried creating the client like this:
WebRequestHandler certHandler = new WebRequestHandler () {
ClientCertificateOptions = ClientCertificateOption.Manual,
UseDefaultCredentials = false
};
certHandler.ClientCertificates.Add (this.ClientCertificate);
HttpClient client = new HttpClient (certHandler);
However certHandler.ClientCertificates
is failing because this getter is not implemented in Mono, so I get a NotImplementedException from that. (I'm not sure why that's still a TODO.)
So far I'm out of luck. Any ideas how can I simply set a client certificate on HttpClient in Mono environment?
It looks as if it's simply a matter of being able to pass the client certificate collection to the HttpWebRequest in CreateWebRequest, so since inheriting won't work, I just copy/pasted the class from mono and added the implementation.
// Copyright (c) 2013 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Net.Cache;
using System.Net.Security;
using System.Security.Principal;
using System.Security.Cryptography.X509Certificates;
namespace System.Net.Http
{
public class WebRequestHandlerWithClientcertificates : HttpClientHandler
{
bool allowPipelining;
RequestCachePolicy cachePolicy;
AuthenticationLevel authenticationLevel;
TimeSpan continueTimeout;
TokenImpersonationLevel impersonationLevel;
int maxResponseHeadersLength;
int readWriteTimeout;
RemoteCertificateValidationCallback serverCertificateValidationCallback;
bool unsafeAuthenticatedConnectionSharing;
private X509CertificateCollection clientCertificates;
public WebRequestHandler ()
{
allowPipelining = true;
authenticationLevel = AuthenticationLevel.MutualAuthRequested;
cachePolicy = System.Net.WebRequest.DefaultCachePolicy;
continueTimeout = TimeSpan.FromMilliseconds (350);
impersonationLevel = TokenImpersonationLevel.Delegation;
maxResponseHeadersLength = HttpWebRequest.DefaultMaximumResponseHeadersLength;
readWriteTimeout = 300000;
serverCertificateValidationCallback = null;
unsafeAuthenticatedConnectionSharing = false;
}
public bool AllowPipelining {
get { return allowPipelining; }
set {
EnsureModifiability ();
allowPipelining = value;
}
}
public RequestCachePolicy CachePolicy {
get { return cachePolicy; }
set {
EnsureModifiability ();
cachePolicy = value;
}
}
public AuthenticationLevel AuthenticationLevel {
get { return authenticationLevel; }
set {
EnsureModifiability ();
authenticationLevel = value;
}
}
public X509CertificateCollection ClientCertificates {
get {
if (clientCertificates==null) {
clientCertificates = new X509CertificateCollection();
}
return clientCertificates;
}
set {
if (value==null) {
throw new ArgumentNullException("value");
}
EnsureModifiability ();
clientCertificates = value;
}
}
[MonoTODO]
public TimeSpan ContinueTimeout {
get { return continueTimeout; }
set {
EnsureModifiability ();
continueTimeout = value;
}
}
public TokenImpersonationLevel ImpersonationLevel {
get { return impersonationLevel; }
set {
EnsureModifiability ();
impersonationLevel = value;
}
}
public int MaxResponseHeadersLength {
get { return maxResponseHeadersLength; }
set {
EnsureModifiability ();
maxResponseHeadersLength = value;
}
}
public int ReadWriteTimeout {
get { return readWriteTimeout; }
set {
EnsureModifiability ();
readWriteTimeout = value;
}
}
[MonoTODO]
public RemoteCertificateValidationCallback ServerCertificateValidationCallback {
get { return serverCertificateValidationCallback; }
set {
EnsureModifiability ();
serverCertificateValidationCallback = value;
}
}
public bool UnsafeAuthenticatedConnectionSharing {
get { return unsafeAuthenticatedConnectionSharing; }
set {
EnsureModifiability ();
unsafeAuthenticatedConnectionSharing = value;
}
}
internal override HttpWebRequest CreateWebRequest (HttpRequestMessage request)
{
HttpWebRequest wr = base.CreateWebRequest (request);
wr.Pipelined = allowPipelining;
wr.AuthenticationLevel = authenticationLevel;
wr.CachePolicy = cachePolicy;
wr.ImpersonationLevel = impersonationLevel;
wr.MaximumResponseHeadersLength = maxResponseHeadersLength;
wr.ReadWriteTimeout = readWriteTimeout;
wr.UnsafeAuthenticatedConnectionSharing = unsafeAuthenticatedConnectionSharing;
// here : maybe wr.ClientCertificates = ClientCertificates if the line below throws an error in your tests
wr.ClientCertificates.Add(ClientCertificates);
return wr;
}
}
}
now in your code use a WebRequestHandlerWithClientCertificates instead of a WebRequestHandler