I have developed a web application that utilizes an identity provider, and I've established a connection between it and my application registration for the authentication. Up to this point, I've been using an environment variable in my configuration called MICROSOFT_PROVIDER_AUTHENTICATION_SECRET="secretKeyofAppRegistration", which has been functioning effectively. However, for security reasons, I want to transition away from using a secret key and instead employ a certificate. So I tried the following:
I created a certificate in my PowerShell and added it to my App Registration like below:
Also, I added the same certificate to my web app:
The problem is that it does not work. Am I missing something in my setup?
After uploading the certificate you need to add the key WEBSITE_LOAD_CERTIFICATES with value = your certificate's thumbprint, or you can use * to load all your certificates from your app's personal store. I have used *:
Also, you need to set Client certificate as "required" in the configuration of your web app.
I have taken references from the MS Azure
You can use this code in your web application to access the client certificate.
using System;
using System.Security.Cryptography.X509Certificates;

namespace UseCertificateInAzureWebsiteApp
{
    class Program
    {
        static void Main()
        {
            // WEBSITE_LOAD_CERTIFICATES makes the uploaded certificate available
            // in the app's personal store (CurrentUser\My); look it up by thumbprint.
            X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            certStore.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certCollection = certStore.Certificates.Find(
                X509FindType.FindByThumbprint, "********", false);
            if (certCollection.Count > 0)
            {
                X509Certificate2 cert = certCollection[0];
                Console.WriteLine(cert.FriendlyName);
            }
            certStore.Close();
        }
    }
}
Result:
With certificate:
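The steps in the answer above (create the certificate in PowerShell, attach its public half to the app registration, upload the PFX to the web app, set WEBSITE_LOAD_CERTIFICATES, set the client certificate mode), carried through end to end as an added example. This is not code from the original post; it assumes the Azure CLI (`az`) is installed and logged in, and the `$appId`, `$webAppName` and `$resourceGroup` values are placeholders to replace with your own. The `az webapp update --set clientCertEnabled=true clientCertMode=Required` form relies on the generic `--set` property update and is an assumption about the property names.

```powershell
# Added example, not from the original post. Placeholders: replace before running.
$appId         = "00000000-0000-0000-0000-000000000000"   # application (client) ID of the app registration
$webAppName    = "my-web-app"                              # App Service name (assumed)
$resourceGroup = "my-rg"                                   # resource group of the App Service (assumed)
$pfxPassword   = Read-Host "PFX password"

# 1. Create a self-signed certificate in the user's personal store (Cert:\CurrentUser\My),
#    exportable so the private key can be packaged into a PFX for the web app.
$cert = New-SelfSignedCertificate -Subject "CN=$webAppName-auth" `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyExportPolicy Exportable -KeySpec Signature `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)
$thumbprint = $cert.Thumbprint
Write-Host "Thumbprint: $thumbprint"

# 2. Export the public certificate (.cer) for the app registration and the
#    private key (.pfx) for the web app. Only the .pfx contains the private key.
$cerPath = ".\$webAppName-auth.cer"
$pfxPath = ".\$webAppName-auth.pfx"
Export-Certificate    -Cert $cert -FilePath $cerPath | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $pfxPath `
    -Password (ConvertTo-SecureString $pfxPassword -AsPlainText -Force) | Out-Null

# 3. Register the public certificate as a credential on the app registration
#    (--append keeps any existing credentials, so the old secret can be removed later).
az ad app credential reset --id $appId --cert "@$cerPath" --append

# 4. Upload the PFX (private key) to the web app.
az webapp config ssl upload --name $webAppName --resource-group $resourceGroup `
    --certificate-file $pfxPath --certificate-password $pfxPassword

# 5. Make the certificate available to the app: WEBSITE_LOAD_CERTIFICATES takes a
#    comma-separated list of thumbprints, or * to load every uploaded certificate.
az webapp config appsettings set --name $webAppName --resource-group $resourceGroup `
    --settings "WEBSITE_LOAD_CERTIFICATES=$thumbprint"

# 6. Set the client certificate mode to Required, as the answer describes
#    (property names via generic --set are an assumption; check with 'az webapp show').
az webapp update --name $webAppName --resource-group $resourceGroup `
    --set clientCertEnabled=true clientCertMode=Required

# 7. Local check that the same thumbprint lookup the answer's C# code performs succeeds.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $thumbprint } |
    Select-Object Subject, Thumbprint, NotAfter
```

Once the app reads the certificate successfully, remove the old MICROSOFT_PROVIDER_AUTHENTICATION_SECRET value from the app settings and delete the corresponding secret from the app registration so the retired credential cannot still be used. Note that WEBSITE_LOAD_CERTIFICATES places certificates in the CurrentUser\My store on Windows App Service; on Linux App Service the certificates are written as files under /var/ssl instead, so the X509Store lookup applies to the Windows case shown in the answer.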