But people will stop using my website if I make them have to buy and install certificates.
And you can't be following your own advice because, for example, I can access microsoft.com without having to buy and install my own certificate.
Why is Azure suddenly marking one of my existing Web Apps as unsecure because of "Web apps should request an SSL certificate for all incoming requests"?
My web app is public, meaning anyone can browse the site using https://mysite.com. Why should the user send a client certificate?
Hello @Imran Qadir Baksh
You are seeing the security recommendation "App Service web apps should have ‘Incoming client certificates’ enabled".
Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.
The TLS mutual authentication technique in enterprise environments ensures the authenticity of clients to the server. If incoming client certificates are enabled, only an authenticated client who has valid certificates can access the app.
With TLS mutual authentication, Azure App Service supports Secure Renegotiation and doesn’t entertain ReNego. If there are TLS clients that are not compliant with RFC 5746 and depend on Re-Negotiation, then they cannot connect to Azure App Service.
Mutual authentication supports zero trust networking because it can protect communications against adversarial attacks, notably:
Mutual authentication also ensures information integrity, because if the parties are verified to be the correct source, then the information received is reliable as well.
https://en.wikipedia.org/wiki/Mutual_authentication
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth#enable-client-certificates
https://kaushalp.github.io/2017/06/12/azure-app-service-understanding-tls-mutual-authentication-with-web-app/