question

SannithKumar-1753 avatar image
0 Votes"
SannithKumar-1753 asked SnehaAgrawal-MSFT commented

Mutula Certificate Auth issue

Hi Team,

Front end is an Angular application hosted on Azure App service. Backend is a .net application hosted on another app service and its configured with a SSL (a private certificate). If we enable the 'Incoming Client Certificates' option as 'Require' in the configuration settings.

Now it requires the client certificate on every request made from the angular side to the backend. Not sure how to pass the client certificate on every request for making the mutual authentication with certificates.

Is there any way to configure the app service with the addition of the certificates in the request on every outgoing requests? If no, please suggest how to achieve the mutual authentication.

Thanks.

azure-webapps-ssl-certificatesazure-webapps-securityazure-webapps-apisazure-webapps-authentication
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just Checking in to see if you have chance to see below response.

1 Vote 1 ·

Just checking in to see if the below answers helped. If this answers your query, do click “Accept Answer” and Up-Vote for the same. And, if you have any further query do let us know.


Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer.

0 Votes 0 ·

1 Answer

SnehaAgrawal-MSFT avatar image
0 Votes"
SnehaAgrawal-MSFT answered SnehaAgrawal-MSFT commented

Thanks for asking question! When you enable mutual auth for your application, all paths under the root of your app require a client certificate for access. To remove this requirement for certain paths, define exclusion paths as part of your application configuration.

Exclude paths from requiring authentication

Also, You want to know in App Service, TLS termination of the request happens at the frontend load balancer. When forwarding the request to your app code with client certificates enabled, App Service injects an X-ARR-ClientCert request header with the client certificate. App Service does not do anything with this client certificate other than forwarding it to your app and your app code is responsible for validating the client certificate.

Please refer to this document for Configuring TLS mutual authentication for Azure App Service might be helpful:

https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

Let us know incase issue persists.



· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

How certificate can be included in the request headers from the angular(frontend) app service to the backed end app service requests using the portal?

0 Votes 0 ·

Thanks for reply! So, to elaborate on Angular. If I have something that is in my client browser is initiating the call to the backend, the code running in the browser has to attach the certificate to the request. The server is only serving the angular application to the client. And the request flow is:

Client -> Server -> Server returns angular app to client -> Angular app running in client browser then makes api call to backend api server

So, Since the Angular is client side application so the client would have to send the certificate.

Let us know if issue remains.

0 Votes 0 ·