
I'm able to access my token and add it to the RestSharp RestClient

// Build the REST client for the local HTTPS endpoint.
// NOTE(review): the "localhost.fiddler" host presumably routes this call through the Fiddler proxy.
// If Fiddler is decrypting HTTPS it terminates the TLS session itself, so a client certificate
// attached here may never reach the server. Confirm by repeating the call without the proxy.
IRestClient client = new RestClient("https://localhost.fiddler:44300");

// The certificate to present during the TLS handshake. A client certificate is
// part of the handshake and is not sent as an HTTP header.
var webClientCertificate = GetWebClientCertificate();

// The collection type is fully qualified because the short name was reported as an ambiguous reference.
var certificates = new System.Security.Cryptography.X509Certificates.X509Certificate2Collection();
certificates.Add(webClientCertificate);
client.ClientCertificates = certificates;

// Issue the GET against the protected route.
IRestRequest request = new RestRequest("api/get-secure-data", Method.GET);
var response = client.Execute(request);

GetWebClientCertificate:

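/// <summary>
/// Loads the client certificate from the current user's personal ("My") certificate store.
/// </summary>
/// <returns>The first certificate whose subject name matches "web-client".</returns>
/// <exception cref="InvalidOperationException">No matching certificate is present in the store.</exception>
public X509Certificate2 GetWebClientCertificate()
{
  //Access certificate store
  X509Store certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
  certificateStore.Open(OpenFlags.ReadOnly);
  try
  {
    // FindBySubjectName is a case-insensitive substring match, and validOnly=false also returns
    // expired or untrusted certificates, so more than one certificate can match.
    // NOTE(review): X509FindType.FindByThumbprint pins one exact certificate. Consider it
    // outside of local testing.
    var certificateCollection = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "web-client", false);

    // Fail with a clear message instead of an index-out-of-range error when nothing matches.
    if (certificateCollection.Count == 0)
    {
      throw new InvalidOperationException("No certificate with subject name 'web-client' was found in the CurrentUser\\My store.");
    }

    // NOTE(review): client authentication needs the private key. Confirm HasPrivateKey is true
    // for the certificate selected here.
    return certificateCollection[0];
  }
  finally
  {
    // Release the store handle even when the lookup throws.
    certificateStore.Close();
  }
}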

I get the cert and I can see that it's added to the client.

Server Code

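    /// <summary>
    /// Returns the public key of the client certificate presented on the current request.
    /// </summary>
    /// <returns>
    /// 200 with the certificate's public key, 403 when the request carries no client certificate,
    /// or 500 when reading the certificate throws.
    /// </returns>
    [HttpGet]
    [Route("api/get-secure-data")]
    [RequireHttps]
    public IHttpActionResult GetSecureData()
    {
        try
        {
            X509Certificate2 cert = Request.GetClientCertificate();
            if (cert == null)
            {
                // A missing client certificate is a failed authentication, not a server fault.
                // Reject explicitly instead of dereferencing null and returning a 500.
                return StatusCode(System.Net.HttpStatusCode.Forbidden);
            }

            // NOTE(review): a certificate being present does not establish identity by itself.
            // Validate it (chain, validity period, and an allow-list of thumbprint or issuer)
            // before trusting the caller.
            PublicKey clientKey = cert.PublicKey;

            return Ok(clientKey);
        }
        catch (Exception exception)
        {
            // NOTE(review): whether exception details reach the client depends on the error-detail
            // policy of the hosting configuration. Confirm they are not exposed to remote callers.
            return InternalServerError(exception);
        }
    }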

Fiddler shows no auth header. What am I missing?

Chazt3n

1 Answer


First, you only need to set the certificate itself; the collection already exists. Second, you can't close the store while the certificate is being used for signing or authentication (encryption), because you are then disconnected from the context.

alexrait