Add support for X509 client certificate "authentication"

[leastprivilege]

It's important for a number of enterprise and financial API / OAuth scenarios.

@blowdart already has 85% of it done - please include that in ASP.NET itself.

[Eilon]

We've moved this issue is in the Backlog milestone. This means that it is not going to happen for the coming release. We will re-assess the backlog following the current release and consider this item at that time. However, keep in mind that there are many other high priority features with which it will be competing for resources.

[dmositecore]

I am also looking for this handler. Thanks

[blowdart]

@Eilon I'm putting this into 3.0, it shouldn't take that much time, I already have tests, we'd just need to do the reassignment, because this was done out of work hours.

[Eilon]

@blowdart - do you already have a sample of this somewhere? We're concerned this might be a big cost to bring up to production, including testing. We can discuss more when you're back.

[blowdart]

Who is "we" in this case? Damian allowed approved it.

It's be a matter of moving https://github.com/blowdart/idunno.Authentication/tree/master/src/idunno.Authentication.Certificate and testing some more

[Eilon]

Thanks for the link. When you're back let's discuss exactly what needs to be done in terms of test coverage.

[xavierjohn]

I have written a Client Cert Middleware too
https://github.com/xavierjohn/ClientCertificateMiddleware

basically maps certs to Roles using configuration settings, example json setting.

  "AuthorizedCertficatesAndRoles": {
    "CertificateAndRoles": [
      {
        "Subject": "CN=http://user.mylocalmachine",
        "Issuer": "CN=http://user.mylocalmachine",
        "Roles": [ "User" ]
      },
      {
        "Subject": "CN=http://admin.mylocalmachine",
        "Issuer": "CN=http://admin.mylocalmachine",
        "Roles": [ "Admin" ]
      }
    ]
  }