
I've made a frontend using Azure Static Web Apps (React). The backend is an Azure App Service (a Node REST API). I want to secure the backend so that the API is not accessible without a client certificate, so I turned on "client certificate mode required" in the App Service settings. The problem is each time a user visits the frontend, the browser asks them to select a certificate. Is there any way around this so that the user does not have to select a certificate?

Robert

1 Answer


> The problem is each time a user visits the frontend, the browser asks them to select a certificate.

  • This happens if you have enabled/Allowed the authentication with client certificates.

> Is there any way around this so that the user does not have to select a certificate?

  • You can disable the setting in Azure Portal, if you don't want authenticated requests (by users) to select the certificate.

Go to the Azure Portal => Your Web App => Configuration => General Settings => Under Incoming client certificates, change the setting to Optional


  • If you don't want to disable it, you can also provide Windows sign-in as authentication.


TLS Mutual Authentication for Azure App Service

Please refer to Configure TLS mutual authentication for Azure App Service and the SO thread.

Harshitha Veeramalla
  • Thank you for your response. What I am trying to do instead is to give the frontend access to the client certificate somehow. This way the frontend has the certificate installed, and the user does not need to select it themselves. Maybe Azure Key Vault can provide a solution to this. If you know of a way to achieve this please let me know. – Robert May 17 '22 at 14:48
  • If you want to go with Azure Key Vault, refer to [Import a certificate from Key Vault](https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal#import-an-app-service-certificate) – Harshitha Veeramalla May 18 '22 at 09:22
  • I have not yet tried Azure Key Vault, but that may be a valid resource to use. I would like to try creating a free account to play around with Key Vault though and get back to you. – Robert Jun 01 '22 at 03:09
  • @Robert if the frontend is public and has access to the certificate, then the certificate is public and the whole authentication scheme becomes pointless – M.Stramm Feb 13 '23 at 10:48
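
Added example (not part of the original question, answer or comments): once the incoming client certificate setting is changed from Required to Optional as the answer suggests, the platform no longer rejects requests that carry no certificate, so the Node API has to enforce the check itself. App Service forwards the presented certificate to the app, base64-encoded, in the `X-ARR-ClientCert` request header. The allow list, its placeholder fingerprint, the function names and the Express-style `req`/`res`/`next` shape are assumptions made for this sketch.

```javascript
// Added example: enforce the client certificate in application code.
const { createHash, timingSafeEqual, X509Certificate } = require('node:crypto');

// Assumption: SHA-256 fingerprints (hex) of the certificates allowed to call the API.
// The entry below is a placeholder, not a real fingerprint; it never matches.
const ALLOWED_SHA256 = ['<sha256-fingerprint-of-trusted-client-cert>'];

// Default parser: reads the validity window from the DER-encoded certificate.
function parseDer(der) {
  const cert = new X509Certificate(der); // throws on malformed input
  return { notBefore: new Date(cert.validFrom), notAfter: new Date(cert.validTo) };
}

// Returns { ok, reason } for the value of the X-ARR-ClientCert header.
// `parse` is injectable so the decision logic can be exercised without a real certificate.
function checkClientCert(headerValue, allowed = ALLOWED_SHA256, now = new Date(), parse = parseDer) {
  if (typeof headerValue !== 'string' || headerValue.length === 0) {
    return { ok: false, reason: 'no client certificate presented' };
  }
  const der = Buffer.from(headerValue, 'base64');
  // A certificate fingerprint is the hash of its DER encoding.
  const digest = createHash('sha256').update(der).digest();
  const pinned = allowed.some((hex) => {
    const want = Buffer.from(hex, 'hex');
    return want.length === digest.length && timingSafeEqual(want, digest);
  });
  if (!pinned) return { ok: false, reason: 'certificate is not on the allow list' };
  let validity;
  try { validity = parse(der); } catch { return { ok: false, reason: 'unparseable certificate' }; }
  if (now < validity.notBefore || now > validity.notAfter) {
    return { ok: false, reason: 'certificate outside its validity period' };
  }
  return { ok: true, reason: 'accepted' };
}

// Express-style middleware for the API routes (assumed request/response shape).
function requireClientCert(req, res, next) {
  const result = checkClientCert(req.headers['x-arr-clientcert']);
  if (!result.ok) {
    res.statusCode = 403;
    return res.end(result.reason);
  }
  next();
}
```

This only helps for callers that can keep a private key secret, such as another server; as the last comment points out, a certificate shipped to a public frontend authenticates nothing.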