I'm trying to connect a UWP application to an SSL-enabled Web API (in IIS) with certificate negotiation. If I disable certificate negotiation, the following code works and the request succeeds, but no client certificate arrives at the Web API attached to the request. Note that with Firefox negotiating the certificate on a GET request, everything works as expected (the server receives the certificate).

    private async void btn_addCertificate_Click(object sender, RoutedEventArgs e)
    {
        try
        {
            Windows.Web.Http.HttpResponseMessage response = await testCertConnect();
            string responseBodyAsText;
            // Log the status line, then the response body.
            System.Diagnostics.Debug.WriteLine(response.StatusCode + " " + response.ReasonPhrase + Environment.NewLine);
            responseBodyAsText = await response.Content.ReadAsStringAsync();
            System.Diagnostics.Debug.WriteLine(responseBodyAsText);
        }
        catch (Exception ex)
        {
            System.Diagnostics.Debug.WriteLine(ex.ToString());
        }
    }

    private async Task<HttpResponseMessage> testCertConnect()
    {
        // Attach the certificate selected in the combo box as the client certificate.
        Windows.Web.Http.Filters.HttpBaseProtocolFilter filter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
        filter.ClientCertificate = certList[this.certificatesListCB.SelectedIndex];
        Windows.Web.Http.HttpClient httpClient = new Windows.Web.Http.HttpClient(filter);
        httpClient.DefaultRequestHeaders.UserAgent.TryParseAdd("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586");
        httpClient.DefaultRequestHeaders.AcceptEncoding.TryParseAdd("gzip, deflate");
        httpClient.DefaultRequestHeaders.Add("Pragma", "no-cache");
        return await httpClient.GetAsync(new Uri("https://<site_url>:44300/api/sites"));
    }

SSL config in applicationhost.config:

    <access sslFlags="Ssl, SslNegotiateCert" />

Error when doing the request with SSL Negotiation active:

    Exception thrown: 'System.Runtime.InteropServices.COMException' in mscorlib.ni.dll
    WinRT information: An error occurred in the secure channel support
    Exception thrown: 'System.Runtime.InteropServices.COMException' in mscorlib.ni.dll
    WinRT information: An error occurred in the secure channel support
    System.Runtime.InteropServices.COMException (0x80072F7D): The text associated with this error code could not be found.
    An error occurred in the secure channel support
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
       at PwdManager.AddCertificate.<testCertConnect>d__6.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
       at PwdManager.AddCertificate.<btn_addCertificate_Click>d__3.MoveNext()

Note: The SSL certificates are CA Cert signed and the respective PKI is loaded into the certificate store.