Last post Sep 05, 2014 05:59 PM by BrockAllen
Feb 27, 2014 12:00 AM|Uncle Lai|LINK
We know that client is able to add client certificate as below, so how can service end code (SignalR) check the cerificate.
static void Main(string args)
var connection = new HubConnection("http://www.contoso.com/");
In WebApi we can get the client certificate from HttpRequestMesssage, but how can we do it in SignalR?
public override void OnActionExecuting(HttpActionContext actionContext)
X509Certificate2 certificate = actionContext.Request.GetClientCertificate();
Feb 27, 2014 08:40 AM|BrockAllen|LINK
A .cer file does not contain the private key -- you need a .pfx instead and when you load it you will most likley need the password to access the contents of the .pfx.
Feb 27, 2014 09:41 PM|Uncle Lai|LINK
No, the question not related to import or export certicaction, it's all about Certificate Authentication
Feb 27, 2014 10:06 PM|BrockAllen|LINK
Right, but a client can't use a certificate to authenticate if they don't have the private key.
In any event, read up on client certificates on the IIS.net website (IIS docs).
Feb 28, 2014 09:27 AM|Uncle Lai|LINK
Thanks much for your answers, it make sense. In my case I use self-host, IIS may not be available, so how do i enable Peer-to-Peer trust?
Feb 28, 2014 09:34 AM|BrockAllen|LINK
If you're self-hosting then you're using HttpListener which is essentialy the same as IIS hosting.
Sep 05, 2014 04:02 PM|orand|LINK
There still doesn't appear to be an answer to the original question: how does the server authorize clients based on the client certificate that was added?
Given a client that uses a pfx cert file:
var connection = new HubConnection("http://localhost:54848/");
connection.AddClientCertificate(new X509Certificate("MyCert.pfx", "password"));
How does SignalR on the server either gain access to this cert or authorize the client for particular actions based on the client's authenticated identity?
Sep 05, 2014 05:59 PM|BrockAllen|LINK
In an OWIN host it would be something like this: