question

JindrichPastorek-6620 avatar image
0 Votes"
JindrichPastorek-6620 asked azure-cxp-api edited

Azure Web App SSL authentication with client certificate - how to diagnose

Hello

I want to use mutual authentication with client certificate. But when I switch "Client certificate mode" to Required in Azure Web App configuration, then no requests are reached into my Asp.net core web app.

Is there a way to diagnose why underlying host (IIS?) canceled the request? I tried to enable "Failed request tracing" and "Detailed error messages" but there is nothing.

Thanks in advance for any help.

Best Regards, Jindrich Pastorek

azure-webapps-ssl-certificatesazure-webapps-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Grmacjon-MSFT avatar image
0 Votes"
Grmacjon-MSFT answered

Hi @jindrichPastorek-6620,


Apologies for the delay in response. How are you reading the certificate on your web app?

Based on this Azure doc: "TLS termination of the request happens at the frontend load balancer. When forwarding the request to your app code with client certificates enabled, App Service injects an X-ARR-ClientCert request header with the client certificate. App Service does not do anything with this client certificate other than forwarding it to your app. Your app code is responsible for validating the client certificate.

For ASP.NET, the client certificate is available through the HttpRequest.ClientCertificate property." You can try using this ASP. NET sample .



Also, keep in mind If you require client certificates and POST or PUT a large amount of data, your request may fail. This has been an issue that has existed with IIS for at least 10 years (this now applies to Azure App Services on the Windows platform as well since it uses IIS).

To solve this issue, you simply need to utilize one of these two techniques:

-Establish the connection first with a HEAD request
-Set the Expect: 100-continue header for the request

Please refer to this document for more information.


Hope that helps. Please let us know if you have further questions.

Thanks,

Grace



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.