locked
ClientCertificate property on HttpBaseProtocolFilter being cached, subsequent sets ignored?

    Question

  • We have a Windows Store app which communicates with our server using mutual authentication. Depending on the scenario (which of two users is logged in) we need to send one of two client certificates. We use the HttpBaseProtocolFilter class, retrieve the correct certificate from the cert store and set it on the filter via the ClientCertificate property. Users can switch in-app by logging in and out, so during one run of the app both certificates may be required at different times.

    This worked perfectly in Windows 8.1 until the recent preview of Update 2. Now the first time ClientCertificate is set that cert is correctly sent to the server, but if the user changes and we subsequently set the other cert on the filter, it gets ignored and the original cert is sent instead, resulting in a certificate mismatch. The ClientCertificate property is documented as follows:

    "Get or set the client SSL certificate that will be sent to the server if the server requests a client certificate."

    It seems like that property is getting ignored on subsequent sets now? I can see the correct cert being set on the filter used to create the HttpClient, but the wrong cert arrives at the server. The HttpBaseProtocolFilter and HttpClient objects are being newly created per request.

    Would anyone have any ideas on a fix or workaround? As it stands our app will break once the update is released. Code snippet of how we are using the filter and client below.

    Thank you

    Conor

                var certificateResult = await CertificateStores.FindAllAsync();
                var certificate = certificateResult.Where(w => w.Subject.Equals(isOwner ? "aCert" : "anotherCert")).FirstOrDefault();
    
                Windows.Web.Http.Filters.HttpBaseProtocolFilter filter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
                filter.CacheControl.ReadBehavior = Windows.Web.Http.Filters.HttpCacheReadBehavior.Default; 
                filter.CacheControl.WriteBehavior = Windows.Web.Http.Filters.HttpCacheWriteBehavior.NoCache;
                filter.ClientCertificate = certificate;
    
                Windows.Web.Http.HttpClient client = new Windows.Web.Http.HttpClient(filter);
    
                IHttpContent requestContent = new HttpStringContent(requestSoap, Windows.Storage.Streams.UnicodeEncoding.Utf8, "text/xml");
                HttpResponseMessage response = await client.PostAsync(uri, requestContent);
    


    Thursday, July 17, 2014 9:44 AM

Answers

  • I recommend that you open a support case for this issue as we would want to track this issue closely if we're breaking something. If there's a bug, you won't be charged for the incident.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    • Marked as answer by Kangshung Tuesday, July 22, 2014 2:52 PM
    Thursday, July 17, 2014 7:19 PM
    Moderator