When I call my API from API Management (APIM) I do not see the certificate in the RequestContext or the header.
I have the following settings:
My App uses a Service Plan on Pricing Tier: Basic: 1 Small
I am on the Developer Program Benefit subscription
Which I believe means I have access to use Certificates
I uploaded the certificate to: Azure | APIM Instence | Publisher Portal | Security | Client Certificates
For the site
"clientCertEnabled": true,
For the API scope
<inbound>
<base />
<authentication-certificate thumbprint="58D06D6E3265F6AE841527ABDF721F260871B6A5" />
</inbound>
APIM exposes the HTTPS URI of the API
I use this code in my AuthorizeAttribute class to read the certificate from the Request:
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var cert = actionContext.RequestContext.ClientCertificate;
And I use this in a controller Action:
X509Certificate2 clientCertInRequest = RequestContext.ClientCertificate;
I believe that all of this was working earlier in the week but as I am trying Azure out I wrote down what I did, destroyed my setup and started from scratch to test my understanding.
Now I'm stuck.
What have I missed out/done wrong?
The backend Service URL also needs to be an HTTPS URL.