
Azure App Service "The Client Certificate Credentials Were Not Recognized"


When I run my ASP.NET Core API locally (in release mode) it makes an external call, using WCF and a client certificate (X509Certificate2), returning the data correctly. But when this API is deployed as an Azure App Service it states "The Client Certificate Credentials Were Not Recognized". The X509Certificate2 is loaded from the filesystem correctly (seen from remote debugging).

I've tried making the call with a normal HttpClient and adding the certificate, but this gave me the same results. We also tried using a CertificateStore, with equal results.

    private async Task ProcessRequestAsync(string endpoint, X509Certificate2 certificate, Func<SsoSoapType, Task> action)
    {
        BasicHttpsBinding binding = new BasicHttpsBinding();
        EndpointAddress endpointAddress = new EndpointAddress(new Uri(endpoint));
        ChannelFactory<SsoSoapType> factory = new ChannelFactory<SsoSoapType>(binding, endpointAddress);
        factory.Credentials.ClientCertificate.Certificate = certificate;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

        await action(factory.CreateChannel());

        if (factory != null)
        {
            if (factory.State == CommunicationState.Faulted)
                factory.Abort();
            else
                factory.Close();
        }
    }

I expect the deployed version to behave just like my local version. But apparently this isn't the case.

Can someone explain where this is going wrong? Or is it caused by some settings in the Azure portal that need to be set accordingly?

Kind regards, Jacco


Solution

  • Alright, after some thorough research I found out that my Azure App Service had been set to hosting plan "D1". This means that the machine is shared between different app services and thus can't utilize the certificate store (as you would be able to see other people's certificates). After upgrading to hosting plan "B1" the issue was resolved.
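
A pre-flight check that could run in the deployed app before the WCF call from the question, added here as an example and not code from the original post. It assumes the handshake failure is tied to the certificate's private key not being usable in the hosting environment, which the page does not confirm; `ClientCertificateCheck` and `Diagnose` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertificateCheck
{
    // Returns null when the certificate looks usable for client authentication
    // in this process, otherwise a short description of the problem.
    // Only the outcome is reported; no key material is exposed or logged.
    public static string Diagnose(X509Certificate2 certificate)
    {
        if (certificate == null)
            return "certificate is null";
        if (!certificate.HasPrivateKey)
            return "certificate has no associated private key";
        // NotBefore and NotAfter are expressed in local time.
        if (DateTime.Now < certificate.NotBefore || DateTime.Now > certificate.NotAfter)
            return "certificate is outside its validity period";

        byte[] probe = { 0x70, 0x72, 0x6f, 0x62, 0x65 }; // constructed test input
        try
        {
            // Signing forces the runtime to open the key, which is what the
            // TLS handshake has to do as well.
            using (RSA rsa = certificate.GetRSAPrivateKey())
            {
                if (rsa != null)
                {
                    rsa.SignData(probe, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    return null;
                }
            }
            using (ECDsa ecdsa = certificate.GetECDsaPrivateKey())
            {
                if (ecdsa != null)
                {
                    ecdsa.SignData(probe, HashAlgorithmName.SHA256);
                    return null;
                }
            }
            return "private key is neither RSA nor ECDSA";
        }
        catch (CryptographicException ex)
        {
            return "private key is present but not usable in this process: " + ex.Message;
        }
    }
}
```

Calling `Diagnose(certificate)` at startup, both locally and in the App Service, and logging the returned string shows whether the two environments differ in key access before any request reaches the remote endpoint.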