I am unable to get the HttpClient class to send a client certificate using .NET Core on Windows.
Here is the code I'm using:
// Load the client certificate and its private key from the PFX file
X509Certificate2 certificate = new X509Certificate2(@"C:\Repos\selly\client1.pfx", "password");
HttpClientHandler handler = new HttpClientHandler();
// Supply the client certificate explicitly instead of letting the handler pick one
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
// Accepts any server certificate (server validation is disabled)
handler.ServerCertificateCustomValidationCallback = (a,b,c,d) => { return true; };
handler.ClientCertificates.Add(certificate);
HttpClient client = new HttpClient(handler);
// Empty JSON body for the POST
var content = new StringContent("");
content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/json");
client.PostAsync("https://client2:5002/api/values", content).Wait();
The code works as expected on Linux (Ubuntu 16.04) (obviously with a change in the certificate path). It does not work on Windows.
Having looked at the exchange in Wireshark, the client does not send a certificate when working in Windows (10 v1703).
I used similar code using the .NET Framework (using "WebRequestHandler" instead of "HttpClientHandler"). It sends the client certificate correctly.
, . , Root CA ( , ), .
, , HttpClient .NET Core Windows.
TLS, .
Kestrel -. :
.UseKestrel(options =>
{
    var sslOps = new HttpsConnectionFilterOptions();
    sslOps.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
    sslOps.ClientCertificateValidation = CheckClientCertificateLogic.CheckClientCertificate;
    sslOps.ServerCertificate = new X509Certificate2(@"C:\Repos\selly\client2.pfx", "password");
    options.UseHttps(sslOps);
})
ClientCertificateValidation , Windows; , , ...
.NET Core? ?
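A diagnostic for the situation described in the question, added here as an example and not part of the original post: it lists properties of a certificate that TLS client stacks commonly require before they will offer it for client authentication. The `ClientCertCheck` class, the `Problems` helper and the self-signed sample certificate are constructed for illustration, and the post does not establish which of these checks, if any, explains the Windows behaviour. It assumes .NET Core 2.0 or later for `CertificateRequest`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck // hypothetical helper, not from the post
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth

    // Returns the reasons a TLS stack may decline to offer this certificate.
    public static string[] Problems(X509Certificate2 cert, DateTime now)
    {
        var problems = new List<string>();
        if (!cert.HasPrivateKey) problems.Add("no private key");
        if (now < cert.NotBefore || now > cert.NotAfter) problems.Add("outside validity period");

        // An absent EKU extension means "any purpose"; a present one must list clientAuth.
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("EKU present without clientAuth");

        // Likewise, a present KeyUsage extension must allow digitalSignature.
        var ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        if (ku != null && (ku.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0)
            problems.Add("KeyUsage present without digitalSignature");
        return problems.ToArray();
    }

    static void Main()
    {
        // Constructed sample: self-signed certificate with serverAuth-only EKU
        // and keyEncipherment-only KeyUsage, so two problems are reported.
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-sample", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid(ServerAuthOid) }, false));
            req.CertificateExtensions.Add(
                new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, false));
            using (var cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
                foreach (var problem in Problems(cert, DateTime.Now))
                    Console.WriteLine(problem);
        }
    }
}
```

To check the certificate from the question, pass the `X509Certificate2` loaded from the PFX file to `Problems` in place of the constructed sample.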