I want to know that adding the certificate with private key in header section of the HttpWebRequest will expose the private key to the public or not ? Is it safe to add certificate with private key as shown below ?
public class WebClientHandler : WebClient
{
X509Certificate2 clientCertifiacte;
public WebClientHandler(X509Certificate2 clientCertifiacte)
{
this.clientCertifiacte= clientCertifiacte;
}
protected override WebRequest GetWebRequest(Uri address)
{
HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
request.ClientCertificates.Add(clientCertifiacte);
return request;
}
}
adding the certificate with private key in header section of the HttpWebRequest will expose the private key to the public or not ?
no, it won't. Private key will be used during client authentication challenge/handshake. Key itself isn't sent/exposed anywhere.
Is it safe to add certificate with private key as shown below ?
you have to do so. Certificate without private key cannot be used for authentication, because certificate-based authentication requires data signing which is not possible without private key.