How to implement Certificate Authentication in ASP.NET Core

Certificate-based authentication is the use of a digital certificate to identify a client request before granting it access to a resource, network, application, etc. Certificate authentication provides added security to web applications. You can easily implement it in ASP.NET Core 3.0. Let us understand how to do it.

Implementing Certificate Based Authentication

In your ASP.NET Core app, first add the package called Microsoft.AspNetCore.Authentication.Certificate from NuGet.

Next, in the Startup.cs file's ConfigureServices() method, call the services.AddAuthentication() method followed by AddCertificate(), and provide delegates for the OnCertificateValidated and OnAuthenticationFailed events.

The code below does exactly that:

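using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Certificate;

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(
        CertificateAuthenticationDefaults.AuthenticationScheme)
    .AddCertificate(options =>
    {
        options.Events = new CertificateAuthenticationEvents
        {
            // Runs after the certificate has passed the built-in checks.
            OnCertificateValidated = context =>
            {
                // do something if certificate is validated successfully
                return Task.CompletedTask;
            },

            // Runs when certificate validation fails.
            OnAuthenticationFailed = context =>
            {
                // return 403 (Forbidden) response
                return Task.CompletedTask;
            }
        };
    });

    // all the other configuration.
}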

Obviously, inside the OnAuthenticationFailed event you can return a 403 (Forbidden) response.

Next, add app.UseAuthentication(); inside the Configure() method.

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseAuthentication();

    // All the other app configuration.
}
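
The OnCertificateValidated handler above is left empty. As an added example (not code from the original article), one way to fill it in is to accept only client certificates whose SHA-256 fingerprint is on an allow-list, because by default any certificate that chains to a root the server trusts passes validation. The class name, the AddPinnedCertificateAuth helper and the placeholder fingerprint are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.Extensions.DependencyInjection;

public static class PinnedClientCertificates
{
    // Placeholder: hex SHA-256 fingerprints of the client certificates you issued.
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "<SHA-256 fingerprint of an allowed client certificate>" };

    public static bool IsAllowed(X509Certificate2 cert) =>
        Allowed.Contains(cert.GetCertHashString(HashAlgorithmName.SHA256));

    // Hypothetical helper: call services.AddPinnedCertificateAuth() in ConfigureServices.
    public static void AddPinnedCertificateAuth(this IServiceCollection services) =>
        services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
            .AddCertificate(options =>
            {
                options.AllowedCertificateTypes = CertificateTypes.Chained; // no self-signed
                options.RevocationMode = X509RevocationMode.Online;         // check revocation
                options.Events = new CertificateAuthenticationEvents
                {
                    OnCertificateValidated = context =>
                    {
                        var cert = context.ClientCertificate;
                        if (!IsAllowed(cert))
                        {
                            // The chain is valid, but this is not a certificate we granted access to.
                            context.Fail("Client certificate is not on the allow-list.");
                            return Task.CompletedTask;
                        }
                        // Build the identity the rest of the app sees from the certificate subject.
                        var claims = new[] { new Claim(ClaimTypes.NameIdentifier, cert.Subject,
                            ClaimValueTypes.String, context.Options.ClaimsIssuer) };
                        context.Principal = new ClaimsPrincipal(
                            new ClaimsIdentity(claims, context.Scheme.Name));
                        context.Success();
                        return Task.CompletedTask;
                    }
                };
            });
}
```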

Configure your app to require certificates

Finally, you have to configure Kestrel so that the application always requires certificates. This is done by adding the code below to the Program.cs file:

public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>()
        .ConfigureKestrel(options =>
        {
            options.ConfigureHttpsDefaults(opt => 
                opt.ClientCertificateMode = 
                    ClientCertificateMode.RequireCertificate);
        })
        .Build();

Conclusion

Congratulations, you have successfully implemented the Certificate Authentication system in your app. Your app is now more secure than before.

ABOUT THE AUTHOR

This article has been written by the Technical Staff of YogiHosting. Check out other articles on "ASP.NET Core, jQuery, EF Core, SEO, jQuery, HTML" and more.
