Forum Xamarin.Forms

Announcement:

The Xamarin Forums have officially moved to the new Microsoft Q&A experience. Microsoft Q&A is the home for technical questions and answers at across all products at Microsoft now including Xamarin!

To create new threads and ask questions head over to Microsoft Q&A for .NET and get involved today.

HttpClient Sending X509 Certificate

Hey Everyone,

I am working on a Xamarin Forms project that needs to send out a Http request that includes a certificate for authentication.

I have the code working to get the certificate, which is a PFX, and pass it to my HttpClient but when I make the request I always get back a 403 error. The code below is how I am sending the message:

// Attach certifcate collection to handler.
 var handler = new HttpClientHandler();
 handler.ClientCertificateOptions = ClientCertificateOption.Manual;
 handler.ClientCertificates.AddRange(GetCertificate());

 // Construct client with handler.
var client = new HttpClient(handler);

// Make request.
var result = client.GetAsync("urlgoeshere").GetAwaiter().GetResult();
var responsebody = result.Content.ReadAsStringAsync().GetAwaiter().GetResult();

I removed the real URL, but with the correct one it is always a 403 error.

I then tested this with a HttpWebRequest and I get through just fine, the code for that is as follows:

X509Certificate2Collection certificate = GetCertificate();
var httpRequest = (HttpWebRequest)WebRequest.Create("urlgoeshere");
httpRequest.ClientCertificates = certificate;
HttpWebResponse response = (HttpWebResponse)httpRequest.GetResponse();

So I am curious if anyone has seen this before and if they have what the difference is? And how you could get this fixed to work with the HttpClient?

Answers

  • ColeXColeX Member, Xamarin Team Xamurai
    edited August 2020

    Try the following code

        var certHandler = new HttpClientHandler();
        certHandler.ClientCertificateOptions = ClientCertificateOption.Manual;            
        certHandler.UseDefaultCredentials = false;
    
        var certificate = new X509Certificate2(Properties.Resources.SigningCert, "password", X509KeyStorageFlags.UserKeySet); //Must be renewed and replaced every year.
        certHandler.ClientCertificates.Add(certificate);            
    
        //Execute the command            
        var client = new HttpClient(certHandler);
        string result;
        try
        {
            result = await client.GetStringAsync(url);
    
            System.Diagnostics.Debug.WriteLine(result);
        }
        catch (Exception ex)
        {
            throw ex;
        }
    

    Refer to https://stackoverflow.com/questions/13419002/httpclient-request-with-x509-certificate-works-on-debug-but-fails-in-production .

  • akemper1akemper1 Member ✭✭
    edited August 2020

    Hey ColeX,

    I have tried this and with no luck, I think I have found the answer though. I believe Mono.Droid (which Xamarin.Android uses) which HttpClient will go to just does not implement the Handler.ClientCertificates, so the certificate is actually not sent with the request.

Sign In or Register to comment.