I have a Razor Pages app with the certificate authorization and an API service for it with the same authorization. These applications running under Nginx reverse proxy. Nginx also has certificate verification.
I need to redirect Client Certificate from application to an API through HttpClient. Can I redirect that way?
Here's the code I tried
private async Task<HttpClient> GetClient()
{
var handler = new HttpClientHandler();
var cert = await GetCertificate();
handler.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.CheckCertificateRevocationList = false;
handler.ServerCertificateCustomValidationCallback = delegate { return true; };
handler.ClientCertificates.Add(cert);
var client = new HttpClient(handler);
return client;
}
private async Task<X509Certificate2> GetCertificate()
{
return await _httpContext.HttpContext.Connection.GetClientCertificateAsync();
}
But the nginx response that certificate's not provided
<head><title>400 No required SSL certificate was sent</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>
<hr><center>nginx</center>
</body>
I've also tried without proxy but then API doesn't see certificate.
If I add cert to the header manually it works, with forwarding service.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
