none
Override client certificate validation RRS feed

  • Question

  • The .net Framework allows override server certificate validation by using the ServicePointManager.ServerCertificateValidationCallback Property as documented here. It is even possible on a per request basis to specify a ServerCertificateValidationCallback.

    What doesn't seem to be possible is override client certificate validation. I can see that deep inside .Net there is support for overriding client validation using LocalCertSelectionCallback (see here) however none of the Http clients in the framework seem to allow setting this delegate. Is there any way to provide custom client certificate validation using WebRequest or HttpClient?

    Wednesday, July 13, 2016 7:20 AM

Answers

All replies

  • Hi jhodges,

    >> Is there any way to provide custom client certificate validation using WebRequest or HttpClient?

    As you have known, there is no delegate in WebRequest or HttpClient to provide custom client certificate. Could you share us why do you want to add custom client certificate validation at client? In my option, ServicePointManager.ServerCertificateValidationCallback is used for custom validation by the client of the server certificate. What you will do with client certificate validation?

    Best Regards,

    Edward


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Saturday, July 16, 2016 6:23 AM
  • My application uses client certificate authentication to a 3rd party api. The 3rd party issues client certificates from a private CA. Normally I would just import the private CA root certificate into the trusted root store however I'd like to use Azure App Services which doesn't allow importing private root certificates.
    • Edited by jhodges8 Saturday, July 16, 2016 9:34 AM Spelling
    Saturday, July 16, 2016 9:33 AM
  • Hi jhodges8,

    >> however I'd like to use Azure App Services which doesn't allow importing private root certificates.

    As far as I known, there is no way to override client certificate validation by using WebRequest or HttpClient.

    If you have any issue about Azure App Services, I would suggest you go to forum below for help.

    Reference: https://social.msdn.microsoft.com/forums/azure/en-US/home?forum=windowsazurewebsitespreview

    Best Regards,

    Edward


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Wednesday, July 20, 2016 11:42 AM
  • A working solution:

    https://github.com/boudinov/.NET-Custom-client-certificate-selection

    Monday, April 16, 2018 9:06 AM