SSL Certificate authentication in ASP.NET Core

Have you ever wondered, even though you added a certificate to HttpClient while accessing data from the Api service, why you are getting unAuthorized access or your Api is not working as expected?
Answer to the above question is that the certificate exchange is done at the start of the HTTPS conversation, it's done by the server before the first request is received on that connection. So the right place to add a certificate to HttpClient is the Program.cs or StartUp.cs file.

Microsoft.AspNetCore.Authentication.Certificate contains an implementation similar to Certificate Authentication for ASP.NET Core. Certificate authentication happens at the TLS level, long before it ever gets to ASP.NET Core. More accurately, this is an authentication handler that validates the certificate and then gives you an event where you can resolve that certificate to a ClaimsPrincipal.

Implement an HttpClient using a certificate and IHttpClientFactory

In the following example, a client certificate is added to a HttpClientHandler using the ClientCertificates property from the handler. This handler can then be used in a named instance of an HttpClient using the ConfigurePrimaryHttpMessageHandler method. This is setup in Program.cs:

var clientCertificate =

    new X509Certificate2(

      Path.Combine(_environment.ContentRootPath, "mysample_cert.pfx"), "12345678");

 

builder.Services.AddHttpClient("namedClient", c =>

{

}).ConfigurePrimaryHttpMessageHandler(() =>

{

    var handler = new HttpClientHandler();

    handler.ClientCertificates.Add(clientCertificate);

    return handler;

});

 

The IHttpClientFactory can then be used to get the named instance with the handler and the certificate. The CreateClient method with the name of the client defined in Program.cs is used to get the instance. The HTTP request can be sent using the client as required:

 

public class SampleHttpService

{

    private readonly IHttpClientFactory _httpClientFactory;

 

    public SampleHttpService(IHttpClientFactory httpClientFactory)

        => _httpClientFactory = httpClientFactory;

 

    public async Task<JsonDocument> GetAsync()

    {

        var httpClient = _httpClientFactory.CreateClient("namedClient");

        var httpResponseMessage = await httpClient.GetAsync("https://sample.com");

 

        if (httpResponseMessage.IsSuccessStatusCode)

        {

            return JsonDocument.Parse(

                await httpResponseMessage.Content.ReadAsStringAsync());

        }

 

        throw new ApplicationException($"Status code: {httpResponseMessage.StatusCode}");

    }

}

 

If the correct certificate is sent to the server, the data is returned. If no certificate or the wrong certificate is sent, an HTTP 403 status code is returned.

Comments

Post a Comment

Popular posts from this blog

Belekeri, Karwar Beach Photos

Image
Belekeri Beach : Situated 8 kms away from Ankola is an old port of Belekin with the long stretches of unexplored beaches. Situated at the bay of the river Belekin. The place has two temples of Jenubeera and Ishwara and also an old inscription dating back to the 15th century. Belekeri Port was a good port during the time of British, and managenese ore was being exported from here. The beautiful beach here attracts many tourists
Read more

Micro-front end, future of frontend architecture.

Before moving into Micro frontend lets understand the evolution of software architecture. Software usually contains 3 layers. frontend, backend and storage (DB). Front end will be in the form of a user interface, And the backend will normally have your main business logic. Storage is where the data is stored.   Earlier we used to have a monolithic application where your front and backend used to be bundled in one application. They used to reside in a single code repository. This entire application used to be maintained by 1 large team. For changing anything in the application you need to test the entire application because even a small change can break any part of the application that is unrelated to the change. Industry soon realized the need to split the front end and back-end part of the code. This enabled a specialized team for frontend and backend.  Later backend services started using Microservices to decouple the code and improve scaling. Microservices architect...
Read more

Handle errors in ASP.NET Core web APIs

Image
Handle errors in ASP.NET Core web APIs Exception handling is one of the critical areas in modern web application development. If exceptions are not handled properly, the whole app can be terminated, causing severe issues for users and developers. Try-catch blocks are widely used in apps to handle exceptions. They are the most basic way of handling exceptions. ​ The above example is a typical case where we use try-catch block to handle the exception. The try-catch block method is ideal for novice developers, and it is something that every developer should be aware of. However, this technique has a disadvantage when working with massive projects with complex architectures. In such cases we have to use Exception Handling Middleware to handle the exceptions. Exception handler In Program.cs, call UseExceptionHandler to add the Exception Handling Middleware: ​ Configure a controller action to respond to the /error route: ​ Add [ApiExplorerSettings] attribute and set its IgnoreApi property t...
Read more