admin管理员组文章数量:1193344
We have an ASP.NET Core 8 Web API which accepts and authorizes users based on client certificates. Suddenly starting today morning, the certificate for one of the user starts failing with 403. The client cert itself seems to be valid and not expired.
services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
.AddCertificate(o =>
{
o.RevocationMode = X509RevocationMode.Online;
o.AllowedCertificateTypes = CertificateTypes.Chained;
o.Events = new CertificateAuthenticationEvents()
{
OnAuthenticationFailed = context =>
{
// Log here.
return Task.CompletedTask;
},
OnCertificateValidated = context =>
{
// success logic
return Task.CompletedTask;
}
};
});
The failure logs don't give more information other than
Certificate validation failed
I tried setting the Revocation Mode as NoCheck to see if that might be the reason and this allows the certificate to work properly.
o.RevocationMode = X509RevocationMode.NoCheck;
But the caller says there has been no change in the cert, and we validated the cert is actually valid and not expired. All the needed certificates for the cert chain are available on the machine (the machine was service traffic perfectly fine till today morning and there were no deployment around that time).
I also tried to check the validity of the client certificate cer with below command
certutil -f -urlfetch -verify .\cert-name.cer
This says the revocation check passed:
I am unable to understand why this certificate is failing the revocation check in the service. Other certificates in the service are working as expected.
What could be causing this sudden 403s for this request?
本文标签: authenticationClient certificate suddenly returning 403 for a particular userStack Overflow
版权声明:本文标题:authentication - Client certificate suddenly returning 403 for a particular user - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1738394527a2084432.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论