#27 Forward client certificates.

Conflicts:
	src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerMiddleware.cs

Author: Tratcher

samples/IISSample/Startup.cs

@@ -26,16 +26,23 @@ public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
                 await context.Response.WriteAsync("User - " + context.User.Identity.Name + Environment.NewLine);
                 await context.Response.WriteAsync("PathBase: " + context.Request.PathBase.Value + Environment.NewLine);
                 await context.Response.WriteAsync("Path: " + context.Request.Path.Value + Environment.NewLine);
+                await context.Response.WriteAsync("ClientCert: " + context.Connection.ClientCertificate + Environment.NewLine);
+
+                await context.Response.WriteAsync(Environment.NewLine + "Headers:" + Environment.NewLine);
                 foreach (var header in context.Request.Headers)
                 {
                     await context.Response.WriteAsync(header.Key + ": " + header.Value + Environment.NewLine);
                 }
+
+                await context.Response.WriteAsync(Environment.NewLine + "Environment Variables:" + Environment.NewLine);
                 var vars = Environment.GetEnvironmentVariables();
                 foreach (var key in vars.Keys)
                 {
                     var value = vars[key];
                     await context.Response.WriteAsync(key + ": " + value + Environment.NewLine);
                 }
+
+                // throw new Exception("Test Exception");
             });
         }
 

src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerMiddleware.cs

@@ -3,13 +3,15 @@
 
 using System;
 using System.Globalization;
+using System.Security.Cryptography.X509Certificates;
 using System.Security.Principal;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication.Internal;
 using Microsoft.Extensions.Internal;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Primitives;
 
@@ -18,27 +20,52 @@ namespace Microsoft.AspNet.IISPlatformHandler
     public class IISPlatformHandlerMiddleware
     {
         private const string XIISWindowsAuthToken = "X-IIS-WindowsAuthToken";
+        private const string MSPlatformHandlerClientCert = "MS-PLATFORM-HANDLER-CLIENTCERT";
 
         private readonly RequestDelegate _next;
         private readonly IISPlatformHandlerOptions _options;
+        private readonly ILogger _logger;
 
-        public IISPlatformHandlerMiddleware(RequestDelegate next, IOptions<IISPlatformHandlerOptions> options)
+        public IISPlatformHandlerMiddleware(RequestDelegate next, ILoggerFactory loggerFactory, IOptions<IISPlatformHandlerOptions> options)
         {
             if (next == null)
             {
                 throw new ArgumentNullException(nameof(next));
             }
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
             if (options == null)
             {
                 throw new ArgumentNullException(nameof(options));
             }
 
             _next = next;
             _options = options.Value;
+            _logger = loggerFactory.CreateLogger<IISPlatformHandlerMiddleware>();
         }
 
         public async Task Invoke(HttpContext httpContext)
         {
+            if (_options.FlowClientCertificate)
+            {
+                var header = httpContext.Request.Headers[MSPlatformHandlerClientCert];
+                if (!StringValues.IsNullOrEmpty(header))
+                {
+                    try
+                    {
+                        var bytes = Convert.FromBase64String(header);
+                        var cert = new X509Certificate2(bytes);
+                        httpContext.Connection.ClientCertificate = cert;
+                    }
+                    catch (Exception ex)
+                    {
+                        _logger.LogWarning("Failed to apply the client certificate.", ex);
+                    }
+                }
+            }
+
             if (_options.FlowWindowsAuthentication)
             {
                 var winPrincipal = UpdateUser(httpContext);

src/Microsoft.AspNet.IISPlatformHandler/IISPlatformHandlerOptions.cs

@@ -22,6 +22,11 @@ public class IISPlatformHandlerOptions
         /// </summary>
         public bool FlowWindowsAuthentication { get; set; } = true;
 
+        /// <summary>
+        /// Populates the ITLSConnectionFeature if the MS-PLATFORM-HANDLER-CLIENTCERT request header is present.
+        /// </summary>
+        public bool FlowClientCertificate { get; set; } = true;
+
         /// <summary>
         /// Additional information about the authentication type which is made available to the application.
         /// </summary>

src/Microsoft.AspNet.IISPlatformHandler/project.json

@@ -13,6 +13,7 @@
     "Microsoft.AspNet.Hosting.Abstractions": "1.0.0-*",
     "Microsoft.AspNet.Http": "1.0.0-*",
     "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
     "Microsoft.Extensions.Options": "1.0.0-*",
     "Microsoft.Extensions.SecurityHelper.Sources": {
       "type": "build",