Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jan 02, 2013 07:56 AM by sean.esq
Dec 30, 2012 08:04 PM|LINK
I have a Web API service (4.5) and I am hoping to use certificate authentication between my client and service.
I have a (.net 3.5 console app) client that calls the Web API service. This has the following code:
//cert is generated from CA
var Cert = X509Certificate2.CreateFromCertFile(@"C:\Certs\MyCert.cer");
var request = WebRequest.Create("http://localhost:51319/api/Customer/1") as HttpWebRequest;
string response = new
On the web API side
I am hosting the Web API in IIS 7.5 I have added an Https binding and set IIS to accept certificates and Anon Access.
The Web API service then uses a Delegating Handler that looks for and validates certificate in the request:
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
//IsPresent is always false and there is no certificate present
But the problem is My certificate is not present in the request when I arrive on the service side.
Where is it going?!
Thanks for your help.
Dec 30, 2012 08:09 PM|LINK
.cer files usually just contain the public key. .pfx files contain the pub and private keys.
Dec 30, 2012 08:58 PM|LINK
Thanks for replying.
I have just updated my client to
var Cert = new X509Certificate2(File.ReadAllBytes(@"C:\Certs\MyCert.pfx"), "myPassword");
but unfortunately I still cant see a certificate in the request, on the server side?
Dec 31, 2012 10:08 AM|LINK
You should use Request.GetClientCertificate().
also - did you configure the app in IIS to accept or require client certs?
Jan 02, 2013 07:56 AM|LINK
thanks thats working now. didnt set the ssl certificate setting, and didnt have the private key.