c# visual-studio visual-studio-2019 owin iis-express

Forcing Visual Studio IIS Express To Prompt User For User Certificate


I'm currently using Visual Studio Professional 2019, and have the following use case.

I'm trying to do user authentication with X509. I'm prompting for the cert and looking for it via IOwinRequest.Environment, looking for the property ssl.ClientCertificate.

In my start-up I'm using something like this:

            app.UseClientCertificateAuthentication(new DefaultClientCertificateValidator());

This in turn eventually gets to

    ClientCertificateValidationResult validationResult = await Task<ClientCertificateValidationResult>.Run(() => ValidateCertificate(Request.Environment));
    if (validationResult.CertificateValid)
    {
        // Do some stuff
    }

    private ClientCertificateValidationResult ValidateCertificate(IDictionary<string, object> owinEnvironment)
    {
        if (owinEnvironment.ContainsKey(_owinClientCertKey))
        {
            X509Certificate2 clientCert = Context.Get<X509Certificate2>(_owinClientCertKey);
            return _clientCertificateValidator.Validate(clientCert);
        }

If I toss this into production and use some logging statements, I can see things hit in the proper order and actually validate (which is good). However, I want to actually run through this in Debug so I can test some other items.

When running in Visual Studio, it runs through IIS Express. In my project properties I have SSL Enabled and I can access that URL on https://localhost:44300/. However, it never prompts for the user certificate.

If this app were in prod I'd just go into IIS, go to the SSL Connection section and require the cert be passed by the user. Is there a way to do this in IIS Express in Visual Studio?

I thought maybe there would be something in the Web.Config or the AppHost file:

C:\directory.vs\solution_name\config\applicationhost.config

But I'm probably missing something stupid.

Any help would be great!


Solution

  • You need to modify the applicationhost.config file.

    File locations for various versions of Visual Studio can be found here.

    For Visual Studio 2019+ the path is

    $(solutionDir)\.vs\{projectName}\config\applicationhost.config

    In the file, search for the access sslFlags element inside <security>. Then simply change its value to SslNegotiateCert (request client certificate).

    Other values of sslFlags can be found here.
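
The edit described in the answer above, scripted in PowerShell as an added example (not part of the original answer): it backs up applicationhost.config, then sets sslFlags on every `<access>` element under `<security>` and reports the old value for each. The default path and the project name `MyProject` are placeholders; point `-ConfigPath` at your own solution's file.

```powershell
param(
    # Placeholder path (assumption): substitute your own solution and project name.
    [string]$ConfigPath = '.\.vs\MyProject\config\applicationhost.config',
    # Value recommended in the answer: request a client certificate during the TLS handshake.
    [string]$SslFlags   = 'SslNegotiateCert'
)

$ErrorActionPreference = 'Stop'
$fullPath = (Resolve-Path -LiteralPath $ConfigPath).Path

# Keep a copy next to the original so the change can be reverted.
Copy-Item -LiteralPath $fullPath -Destination "$fullPath.bak" -Force

$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true   # keep the file's layout intact when saving
$doc.Load($fullPath)

# <access> can appear in the global <system.webServer><security> block
# and again inside per-site <location path="..."> overrides.
$nodes = $doc.SelectNodes('//system.webServer/security/access')
if ($nodes.Count -eq 0) {
    throw "No <access> element found under <security> in $fullPath"
}

foreach ($node in $nodes) {
    $location = $node.SelectSingleNode('ancestor::location')
    $scope = if ($location) { "location path='$($location.GetAttribute('path'))'" } else { 'global' }
    $old = $node.GetAttribute('sslFlags')
    $node.SetAttribute('sslFlags', $SslFlags)
    Write-Host "[$scope] sslFlags: '$old' -> '$SslFlags'"
}

$doc.Save($fullPath)
Write-Host "Updated $fullPath (backup: $fullPath.bak)"
```

Stop any running IIS Express instance before the next debug session so the edited file is read again.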