c# - Use certificate when issuer is not is X509Store trusted roots for client authentication using Microsoft .NET framework -


while working on question, identified problem different stated, changing title , description

i'm trying authenticate myself against webservice using client certificate. using webrequest purpose. need use self-signed certificate, without registering in windows x509 trusted root store.

the way know if client certificate presented or not examining request object on server

i tried use code this question guidance. doesn't work on .net. here code:

            var certificate = new x509certificate2(properties.resources.mycert);             httpwebrequest req = (httpwebrequest)webrequest.create(host);             req.clientcertificates.add(certificate);             webresponse resp = req.getresponse();             var stream = resp.getresponsestream(); 

what observe though req.clientcertificates contain certificate valid private key, certificate never presented server. no indication webclient certificate not used during handshake.

if put certificate "trusted root", code work (even when certificate not in "personal").

my questions are:

  1. since certificate usable when it's placed in "trusted root", assume due policy or of kind. possible coerce .net ignore policy settings , use supplied client certificate during tls negotiation?

  2. if abovementioned coercion not possible, there call tell me ahead of time, certificate use not usable, , ignored? alternatively, if such call not available, make webclient fail indicating certificate error, instead of silently skipping over?

note: aware configuring certificates described microsoft work. not looking for. don't want register potentially insecure certificate in trusted root, because potentially security hazard. want use cert on client without registering in store, or @ least exception indicating certificate cannot used. realize there can multiple reasons why certificate cannot used session, there must exception, or @ least sort of indication on client side cannot use specified cert. instead, client doesn't present one.

when instantiate x509certificate2, privatekey property set? if null, missing private key, meaning ssl/tls client unable authenticate you.

make sure loading certificate pfx file (or similar) instead of cer. these contain private key, too. password protected purpose. see how retrieve certificates pfx file c#? more info.


Comments

Popular posts from this blog

php - regexp cyrillic filename not matches -

c# - OpenXML hanging while writing elements -

sql - Select Query has unexpected multiple records (MS Access) -