I have a WebApi controller action that I decorated with my attribute [x509Authorize]. I am debugging this endpoint locally - and at the same time, I am launching a console application that is trying to invoke this endpoint.
Client side
Here the client code is a bit simplified:
X509Certificate Cert = X509Certificate.CreateFromCertFile("C:\\Temp\\ht-android-client.pfx");
HttpWebRequest Request = (HttpWebRequest)WebRequest.Create("https://localhost:44300/api/mobile/predict");
Request.ClientCertificates.Add(Cert);
HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();
....
I claimed to Certbe the correct certificate. I installed it .pfxin my store CurrentUser\Personaland in the store LocalMachine\Personal- and changed it to get a certificate from this store, as suggested here , but that doesn't seem to matter:
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
var Cert = store.Certificates.Find(X509FindType.FindBySubjectName, "Android", true)[0];
Server side
And I'm listening to the WebAPI endpoint, as with the following code:
public class x509AuthorizeAttribute : AuthorizeAttribute
{
public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
var cert = actionContext.Request.GetClientCertificate();
- , . , .GetClientCertificate() null. ? SO 1 2 .
, LocalMachine\Trusted root CA. Android CA. pkcs12. , , ( , currentUser) ( , ROOT CA).
- clientAuth:
