Click here to Skip to main content
15,897,273 members
Search within:


Validate the Client certificate in web api
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#
WebAPI
Hi,
I need to implement the message signing certificate security in my web api. Request will be coming from external application where they will be sending the certificate details uisng X509Certificate2 in httprequest. Now how can i read the certificate which has come in request and validate against the certificate which i have in my server.

OR is my understanding about message signing certificate security is worng. Please reply as soon as possible
Posted
Add a Solution
Comments
Nathan Minier 22-Dec-15 10:45am    
Have a look at:
https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.verify(v=vs.110).aspx

There's a link to drill down if you need to in the Remarks section.

Edit: The cert will only be compared to your server's cert store if your server is the CA.
Mithun P 23-Dec-15 0:54am    
Hi i have problem to validate the cert when i get request. i am not able get the cert details from request
Nathan Minier 23-Dec-15 7:28am    
Have you tried recovering it from Request.ClientCertificate.Certificate ?

Edit: As a correction to my previous comment, if you have a .cer (public key) file on hand you can use it for validation, if you are not able to extract the certificate from the request.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Certificate validation using poco C++
X509 certificate, want to retrieve certificate from client personal store
how to authenticate by client certificate , using web api ?
X509 Client certificate
Verify client and server certificate in Microsoft schannel api
Client Certificates in WinHTTP
How to implement web service (asmx) from winforms app using client certificate validation
Web API not responding suddenly
API gateway error - calling [asyncpostprocess()] is not valid for a request with async state [ERROR]
Modelstate stays valid even if the required attributes are empty in the .NET framework web API 4.7.2

Advertise
Privacy
Cookies
Terms of Use
Last Updated 22 Dec 2015
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900