Mutula Certificate Auth issue

Sannith Kumar 1 Reputation point
2021-01-07T03:20:57.22+00:00

Hi Team,

Front end is an Angular application hosted on Azure App service. Backend is a .net application hosted on another app service and its configured with a SSL (a private certificate). If we enable the 'Incoming Client Certificates' option as 'Require' in the configuration settings.

Now it requires the client certificate on every request made from the angular side to the backend. Not sure how to pass the client certificate on every request for making the mutual authentication with certificates.

Is there any way to configure the app service with the addition of the certificates in the request on every outgoing requests? If no, please suggest how to achieve the mutual authentication.

Thanks.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,880 questions
{count} votes

1 answer

Sort by: Most helpful
  1. SnehaAgrawal-MSFT 21,686 Reputation points
    2021-01-07T10:12:16.333+00:00

    Thanks for asking question! When you enable mutual auth for your application, all paths under the root of your app require a client certificate for access. To remove this requirement for certain paths, define exclusion paths as part of your application configuration.

    Exclude paths from requiring authentication

    Also, You want to know in App Service, TLS termination of the request happens at the frontend load balancer. When forwarding the request to your app code with client certificates enabled, App Service injects an X-ARR-ClientCert request header with the client certificate. App Service does not do anything with this client certificate other than forwarding it to your app and your app code is responsible for validating the client certificate.

    Please refer to this document for Configuring TLS mutual authentication for Azure App Service might be helpful:

    https://learn.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

    Let us know incase issue persists.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.