
I have a .NET Core 2 API to which I've connected a WCF service (an email sender). The service is hosted on IIS with HTTPS and requires SSL. I want to pass the client certificate from the API whenever I make the connection to the email service. I think the only solution is to change the reference.cs file (which is not best practice, and I have no idea what I should change).

This is my startup.cs file; I did this because I want a dynamic URL based on the environment:

    services.AddTransient<IEmailService, EmailServiceClient>((serviceProvider) =>
    {
        var configuration = serviceProvider.GetService<IConfiguration>();

        var url = configuration.GetValue<string>("EmailServiceUrl");

        return new EmailServiceClient(EmailServiceClient.EndpointConfiguration.WSHttpBinding_IEmailService, url);
    });

Any suggestions?

Michael Commons
  • Have you read the documentation at https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication? – gnud Mar 27 '20 at 12:07
  • I don't think that's for .NET Core – Michael Commons Mar 27 '20 at 12:09
  • Sure. But the code to configure the client, at https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication#configure-the-client, should be fairly similar. – gnud Mar 27 '20 at 12:24
  • The client being the .NET Core API, where should I configure that? Where should I put that code? – Michael Commons Mar 27 '20 at 12:28
  • Oh - you want to "pass on" the certificate that was used when calling your API, and use that when you call the external email service? Do you have access to the private key of all valid client certificates in your Api? Otherwise this won't really work. – gnud Mar 27 '20 at 13:07
  • By the way - the generated code is all partial classes. Instead of editing the reference.cs file, you're meant to implement the partial method `ConfigureService` in your own source file. This is mentioned in a comment at the beginning of the client class in reference.cs. – gnud Mar 27 '20 at 13:44

1 Answer


I've added the client certificate to the ServiceClient after I instantiate it in Startup.cs:

    client.ClientCredentials.ClientCertificate.SetCertificate(
        System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
        System.Security.Cryptography.X509Certificates.StoreName.My,
        System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint,
        "thumbprint");

Michael Commons
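The factory from the question combined with the certificate step from the answer, as an added example that is not code from the original posts. It assumes the service uses transport security with certificate client credentials, as in the documentation linked in the comments; the `EmailServiceClientCertThumbprint` configuration key, the `EmailServiceRegistration` class and the `LoadClientCertificate` helper are hypothetical names.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class EmailServiceRegistration
{
    // Call from Startup.ConfigureServices: services.AddEmailService();
    public static IServiceCollection AddEmailService(this IServiceCollection services)
    {
        services.AddTransient<IEmailService, EmailServiceClient>(serviceProvider =>
        {
            var configuration = serviceProvider.GetRequiredService<IConfiguration>();
            var url = configuration.GetValue<string>("EmailServiceUrl");
            // Hypothetical key: keeps the thumbprint per environment, like the URL.
            var thumbprint = configuration.GetValue<string>("EmailServiceClientCertThumbprint");

            var client = new EmailServiceClient(
                EmailServiceClient.EndpointConfiguration.WSHttpBinding_IEmailService, url);

            // Assumption: the generated binding may not request a certificate by itself.
            if (client.Endpoint.Binding is WSHttpBinding binding)
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

            client.ClientCredentials.ClientCertificate.Certificate = LoadClientCertificate(thumbprint);
            return client;
        });
        return services;
    }

    private static X509Certificate2 LoadClientCertificate(string thumbprint)
    {
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException("Client certificate thumbprint is not configured.");

        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: true skips expired certificates and ones whose chain does not validate.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: true);
            if (matches.Count == 0)
                throw new InvalidOperationException("No valid client certificate matches the configured thumbprint.");
            if (!matches[0].HasPrivateKey)
                throw new InvalidOperationException("The client certificate has no associated private key.");
            return matches[0];
        }
    }
}
```

Failing at registration time gives a clear error instead of a TLS handshake failure on the first email call. The IIS application pool identity also needs read access to the certificate's private key.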