We are getting 403 in Core Web API using certificate PFX

We have hosted a .NET Core API in IIS. We are using certificate authentication in the POST method. We are getting 403 in Postman.

Comments
Richard Deeming 26-May-23 4:45am    
There's a secret error somewhere in your secret code. You need to fix that.

Seriously, nobody can help you solve a problem you can't clearly describe, in code we can't see, running on a system we can't access.
Member 15418280 26-May-23 5:14am    
This is our controller:

    [Route("api/[controller]")]
    [ApiController]
    public class TestController : ControllerBase
    {
        // [Authorize] makes the action reachable only after certificate authentication succeeds.
        [Authorize]
        [HttpPost]
        public string Post() => "The action works fine only with a certificate";
    }


    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddTransient<CertificateValidation>();
        services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
            .AddCertificate(options =>
            {
                // Only self-signed client certificates are accepted.
                options.AllowedCertificateTypes = CertificateTypes.SelfSigned;
                options.Events = new CertificateAuthenticationEvents
                {
                    OnCertificateValidated = context =>
                    {
                        // Resolve the thumbprint check registered above.
                        var validationService = context.HttpContext.RequestServices.GetService<CertificateValidation>();
                        if (validationService.ValidateCertificate(context.ClientCertificate))
                        {
                            context.Success();
                        }
                        else
                        {
                            context.Fail("Invalid certificate");
                        }
                        return Task.CompletedTask;
                    },
                    OnAuthenticationFailed = context =>
                    {
                        context.Fail("Invalid certificate");
                        return Task.CompletedTask;
                    }
                };
            });
        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new OpenApiInfo { Title = "WebApiCertificateAuth", Version = "v1" });
        });
    }


    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;
    using System.Threading.Tasks;

    namespace WebApiCertificateAuth
    {
        public class CertificateValidation
        {
            // Accepts a client certificate only if its thumbprint is in the allow-list.
            public bool ValidateCertificate(X509Certificate2 clientCertificate)
            {
                string[] allowedThumbprints = { "310084D83EC974AEE7FC0B0D5175E11CA5E8DE6D" };
                if (allowedThumbprints.Contains(clientCertificate.Thumbprint))
                {
                    return true;
                }
                return false;
            }
        }
    }
Jean Ferre 26-May-23 14:35pm    
I suggest you check that everything is configured correctly on the server and in the certificate, and that the certificate is valid. If this is OK and the error still remains, you could try to split your .pfx file into .crt and .key files, and use those in Postman instead of the .pfx file.
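Added example (not part of the thread or the poster's project): a local check of a client certificate against the settings visible in the posted code, namely the thumbprint allow-list and `CertificateTypes.SelfSigned`, plus the validity period and client-authentication EKU. `ClientCertDiagnostics` and `Check` are hypothetical names, and the certificate is a constructed, in-memory sample; load the real one with `new X509Certificate2(path, password)`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertDiagnostics   // hypothetical helper, not from the post
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Returns one message per reason the certificate would be rejected.
    public static List<string> Check(X509Certificate2 cert, string[] allowedThumbprints, DateTime nowUtc)
    {
        var problems = new List<string>();

        // Same comparison as the posted ValidateCertificate, made case-insensitive.
        if (!allowedThumbprints.Contains(cert.Thumbprint, StringComparer.OrdinalIgnoreCase))
            problems.Add($"thumbprint {cert.Thumbprint} is not in the allow-list");

        // CertificateTypes.SelfSigned admits only certificates whose subject equals the issuer.
        if (!cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData))
            problems.Add("certificate is CA-issued, but only CertificateTypes.SelfSigned is allowed");

        if (nowUtc < cert.NotBefore.ToUniversalTime() || nowUtc > cert.NotAfter.ToUniversalTime())
            problems.Add($"outside validity period ({cert.NotBefore} to {cert.NotAfter})");

        // If an EKU extension is present, it must list client authentication.
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        if (eku != null && !eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid))
            problems.Add("EKU extension does not include client authentication");

        return problems;
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate generated in memory.
        using var rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=constructed-client", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        string[] allowed = { "310084D83EC974AEE7FC0B0D5175E11CA5E8DE6D" }; // value from the post
        foreach (var problem in Check(cert, allowed, DateTime.UtcNow))
            Console.WriteLine("FAIL: " + problem);
    }
}
```

An empty result means the certificate itself matches the posted settings, which leaves the IIS client-certificate setting (Ignore/Accept/Require under SSL Settings) and the certificate configured in Postman as the places to look.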

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


