0

I've got a .Net 6 web api that uses optional certificate authentication. I'm struggling with my debugging setup.

By default, IIS Express doesn't appear to take the client certificate presented, so I edited the applicationhost.config file to include

<access sslFlags="Ssl, SslNegotiateCert" />

This means my testing using powershell to call the API with a client certificate works, however I've now lost the ability to access the Swagger page, getting a ERR_CONNECTION_RESET when try to connect with a browser.

I had a similar issue on IIS (full) and resolved it by disabling HTTP/2 & TLS1.3 - is it possible to configure such a thing in IIS Express?

alt
  • 2,356
  • 2
  • 21
  • 28

1 Answers1

2

Well, I managed to figure it out, adapting information from https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs as a reference.

I created the following two keys in the registry

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server] "DisabledByDefault"=dword:00000001

screenshot of registry

And after a reboot, I'm able to connect using both certificate auth and my browser :)

alt
  • 2,356
  • 2
  • 21
  • 28
  • Looking for a solution for hours... thanks for sharing! :-) – user3767106 Nov 30 '22 at 10:53
  • thanks for this article, I've been breaking my head after i upgraded my OS from Windows 10 to 11, and after reading this article, I was able to resolve my issue. – Ron Apr 03 '23 at 19:21