Aspnetcore.docs: Missing cert generation, discussion of validation etc.
The original doc was pretty much a "You know you need certificate auth, so you know what you're doing". This now needs more fleshing out, including how to generate client certificates for testing (powershell or openssl instructions), how to accept self signed certs, along which how to create an http request with a cert and suggestions around validation (e.g. "thumbprint" for service to service auth).
Damian would also like to know why it's require in IIS and not "Accept"
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 35b7960d-6de5-78ee-bc45-d7218239bbc8
- Version Independent ID: d2db534b-198a-dc99-5b5a-0525582d39ac
- Content: Configure certificate authentication in ASP.NET Core
- Content Source: aspnetcore/security/authentication/certauth.md
- Product: aspnet-core
- Technology: aspnetcore-security
- GitHub Login: @blowdart
- Microsoft Alias: barry.dorrans
blowdart
All 10 comments
I created 2 blogs about this, maybe you could add parts of them to the docs
Certificate Authentication in ASP.NET Core 3.0 (Self Signed)
https://damienbod.com/2019/06/13/certificate-authentication-in-asp-net-core-3-0/
Using Chained Certificates for Certificate Authentication in ASP.NET Core 3.0
damienbod
on 27 Jun 2019
@blowdart can we use some of @damienbod blog?
@damienbod if @blowdart approves, we'd want you to at minimum copy/paste the relevant content into this doc and create a PR. You could copy pure HTML if you like, I can fix it. It's better if you sign the CLA - rather than implying permission in an issue.
Rick-Anderson
on 27 Jun 2019
@blowdart what do you think about @Rick-Anderson 's suggestion above?
mkArtakMSFT
on 5 Sep 2019
Yes, but the ARR stuff is very azure specific. If you're not hosting in azure it's not needed, so that needs to be in a section on its own.
blowdart
on 5 Sep 2019
created an initial PR for this
https://github.com/aspnet/AspNetCore.Docs/pull/14176
@blowdart I needed the ARR stuff without azure as well.
@blowdart @Rick-Anderson @mkArtakMSFT
Let me know what I should change, remove fix, add
Greetings Damien
damienbod
on 6 Sep 2019
Created another blog about using certificate authentication with the HttpClient / IHttpClientFactory, maybe some of this could be added as well, or to a different page.
damienbod
on 7 Sep 2019
@blowdart Is there anything left to do here, or did Damien's PR address everything?
scottaddie
on 8 Nov 2019
Just https://github.com/aspnet/AspNetCore.Docs/issues/13005 which is a new issue.
blowdart
on 8 Nov 2019
@damienbod ... ~your PR at https://github.com/aspnet/AspNetCore.Docs/pull/14176 didn't auto-close this because it didn't say Fixes #{ISSUE NUMBER} ... did you mean for that PR to close this?~
Nevermind ... it's difficult to know right now if #15605 should be added here for this work (i.e., should this issue also cover adding cross-links to the new content?).
guardrex
on 8 Nov 2019
Some ideas which I think are missing and would be useful:
- Working sample with Client and Server apps (IIS Express and Kestrel)
- Docs about HttpClient and using certificates
- Troubleshooting certificate not working problems
- Certificate creation for MAC, Linux developers
- Links or docs about Certificates, types, and what properties are important for this use case
Greetings Damien
damienbod
on 10 Nov 2019
Related issues
madelson
·
3Comments
StevenTCramer
·
3Comments
danroth27
·
3Comments
Raghumu
·
3Comments
Rick-Anderson
·
3Comments
Most helpful comment
created an initial PR for this
https://github.com/aspnet/AspNetCore.Docs/pull/14176
@blowdart I needed the ARR stuff without azure as well.
@blowdart @Rick-Anderson @mkArtakMSFT
Let me know what I should change, remove fix, add
Greetings Damien