How to implement Certificate Authentication in ASP.NET Core

Certificate-based Authentication is the use of a Digital Certificate to identify a client request before granting it the access to a resource, network, application, etc. Certificate Authentication provides added security to web applications. You can easily implement it in ASP.NET Core 3.0. Let us understand how to do it.

Implementing Certificate Based Authentication

In your ASP.NET Core app, first add the package called Microsoft.AspNetCore.Authentication.Certificate from NuGet.

Check the below code which does the exact thing:

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(
    CertificateAuthenticationDefaults.AuthenticationScheme)
    .AddCertificate(options =>
    {
        options.Events = new CertificateAuthenticationEvents
        {
            OnCertificateValidated = context =>
            {
                // do something if certificate is validated successfully
            };

            OnAuthenticationFailed = context =>
            {
                // return 403(forbidden) response 
            };
        };
    });

    // all the other configuration.
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseAuthentication();

    // All the other app configuration.
}

Configure your app to require certificates

Finally, you have to configure Kestrel so that the application always require certificates. This is done by adding the below code to the Program.cs file:

public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>()
        .ConfigureKestrel(options =>
        {
            options.ConfigureHttpsDefaults(opt => 
                opt.ClientCertificateMode = 
                    ClientCertificateMode.RequireCertificate);
        })
        .Build();

Congrats you have successfully implemented the Certificate Authentication system in your app. You app now becomes more secure than before.