Certificate missing when Azure API Manager calls Azure APP Service

650 views Asked by At

When I call my API from API Management (APIM) I do not see the certificate in the RequestContext or the header.


I have the following settings:

My App uses a Service Plan on Pricing Tier: Basic: 1 Small

I am on the Developer Program Benefit subscription

Which I believe means I have access to use Certificates


I uploaded the certificate to: Azure | APIM Instence | Publisher Portal | Security | Client Certificates

For the site

"clientCertEnabled": true,  

For the API scope

<inbound>
    <base />
    <authentication-certificate thumbprint="58D06D6E3265F6AE841527ABDF721F260871B6A5" />
</inbound>

APIM exposes the HTTPS URI of the API


I use this code in my AuthorizeAttribute class to read the certificate from the Request:

protected override bool IsAuthorized(HttpActionContext actionContext)
{
    var cert = actionContext.RequestContext.ClientCertificate;

And I use this in a controller Action:

X509Certificate2 clientCertInRequest = RequestContext.ClientCertificate;

I believe that all of this was working earlier in the week but as I am trying Azure out I wrote down what I did, destroyed my setup and started from scratch to test my understanding.

Now I'm stuck.

What have I missed out/done wrong?

1

There are 1 answers

0
Darrel Miller On BEST ANSWER

The backend Service URL also needs to be an HTTPS URL.