I'm currently working with an API that uses client certificate authentication, and I have a simple block of code that works under Linux/Mono. When executing under Windows/.NET, I receive a 200, but the response content hints that I need a certificate to make this call.

    using System;
    using System.IO;
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    // Accepts any server certificate (disables TLS server validation).
    ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
    var x509 = new X509Certificate2("foo.pfx", "test");
    var request = (HttpWebRequest)WebRequest.Create("https://domain.com:8081");
    request.Method = "POST";
    request.ClientCertificates.Add(x509);
    const string data = "{\"foo\":\"bar\"}";
    var postdata = Encoding.ASCII.GetBytes(data);
    request.ContentLength = postdata.Length; // byte count of the body, not the string length
    using (var myStream = request.GetRequestStream())
        myStream.Write(postdata, 0, postdata.Length);
    using (var response = (HttpWebResponse)request.GetResponse())
    using (var reader = new StreamReader(response.GetResponseStream()))
        Console.WriteLine(reader.ReadToEnd());

The same foo.pfx is used in both cases. Does anyone know how I can explain the difference in results?

There are 1 answers

Graffito On

Is there some redirection? If yes, MSDN says:

> The Authorization header is cleared on auto-redirects and HttpWebRequest automatically tries to re-authenticate to the redirected location. In practice, this means that an application can't put custom authentication information into the Authorization header if it is possible to encounter redirection. Instead, the application must implement and register a custom authentication module. The System.Net.AuthenticationManager and related class are used to implement a custom authentication module. The AuthenticationManager.Register method registers a custom authentication module.
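One way to check for the redirection this answer asks about, as an added example that is not part of the original question or answer: the request from the question is sent with automatic redirects turned off so that a 3xx status and its `Location` header become visible, and the loaded certificate is inspected first. The class name is hypothetical, and the sketch assumes the server's certificate is trusted by the machine, so server validation is left at its default.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ClientCertRedirectCheck // hypothetical name
{
    static void Main()
    {
        // Same file, password and URL as in the question.
        var x509 = new X509Certificate2("foo.pfx", "test");

        // A certificate can only be used for TLS client authentication
        // if its private key was loaded along with it.
        Console.WriteLine("Subject:       " + x509.Subject);
        Console.WriteLine("HasPrivateKey: " + x509.HasPrivateKey);
        Console.WriteLine("NotAfter:      " + x509.NotAfter);

        var request = (HttpWebRequest)WebRequest.Create("https://domain.com:8081");
        request.Method = "POST";
        request.ClientCertificates.Add(x509);
        // Surface a 3xx response instead of silently following it.
        request.AllowAutoRedirect = false;

        var body = Encoding.ASCII.GetBytes("{\"foo\":\"bar\"}");
        request.ContentLength = body.Length;
        using (var stream = request.GetRequestStream())
            stream.Write(body, 0, body.Length);

        try
        {
            using (var response = (HttpWebResponse)request.GetResponse())
            {
                var status = (int)response.StatusCode;
                Console.WriteLine("Status:   " + status);
                if (status >= 300 && status < 400)
                    Console.WriteLine("Location: " + response.Headers["Location"]);
            }
        }
        catch (WebException ex)
        {
            // 4xx/5xx responses and TLS handshake failures end up here.
            Console.WriteLine("Failed: " + ex.Status + " " + ex.Message);
        }
    }
}
```

A `Status` in the 3xx range with a `Location` value means the 200 seen in the question came from a second request to that location, not from the URL the code addressed.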