Hi, is there any way to identify that an SSL connection requires a client certificate?
Our case:
Client-server application, 2 clients (1st using WinHttp, 2nd System.Net.WebClient).
The server side may run on IIS or Apache. For security needs we should support SSL with a client certificate, but non-SSL connections should be supported as well.
So we are not able to preconfigure clients and should understand whether a client certificate is required at run-time.
When we try to establish a connection with the help of System.Net.WebClient (client certificate required), a System.Net.WebException with the status WebExceptionStatus.ProtocolError is thrown. According to MSDN (http://msdn.microsoft.com/en-us/library/system.net.webexceptionstatus.aspx), such an exception may be thrown during a protocol-level error like a 401 Access Denied.
However, in our case the HTTP status is 403. This error is too general (Forbidden) and doesn't provide us with the information that a client certificate is required.
We need clarification on whether there is a way to neatly understand that a connection requires a client certificate.
Additional:
In case the Apache HTTP server is used, System.Net.WebClient will throw a System.Net.WebException with the status WebExceptionStatus.SecureChannelFailure.
In case WinHTTP is used on the client side, for both Apache and IIS servers we get the appropriate error code ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED (12044).