Add CertificateAuthentication#9756
Conversation
|
Couple of things to be deleted, but yea, fair enough |
|
Ok I'll delete all the commented out stuff next so its easy for you to see what got removed in the next commit |
|
When this is non-draft, please tag |
Tratcher
left a comment
There was a problem hiding this comment.
PM code 😢
Also get rid of the MessagePack submodule change.
|
|
||
| protected override Task HandleChallengeAsync(AuthenticationProperties properties) | ||
| { | ||
| // Certificate authentication takes place at the connection level. We can't prompt once we're in |
There was a problem hiding this comment.
Let's put an event here for the Identity auth selection case. For HttpSys a dev could call AuthenticateAsync (in the selection case it would not have been called) and it would trigger a browser prompt on the same request. If that failed then a 403 is warranted. If it succeeded they could redirect to the next stage of sign-in and the cert would be preserved in the server for the next request.
There was a problem hiding this comment.
Can we file a separate issue/ask to add support for this later? This doesn't sound like something that needs to be in the initial chcekpoint, @blowdart thoughts?
There was a problem hiding this comment.
But only http.sys. While that'd be nice, we can't make kestrel do it, so yes, nice to have only
| @@ -0,0 +1,239 @@ | |||
| # Microsoft.AspNetCore.Authentication.Certificate | |||
There was a problem hiding this comment.
Yeah docs with this will come later, readme seems ok to leave in the meantime
…re.Authentication.Certificate.csproj Co-Authored-By: Nate McMaster <natemcmaster@users.noreply.github.com>
|
@blowdart @Tratcher thinks the behavior for the certificate forwarder should pickup the header and use that as an override for any existing cert, which is the opposite of the behavior you had before (which would fallback to the header). For now I went with the override behavior, but you guys can discuss what's the ideal behavior |
| Items = | ||
| { | ||
| { | ||
| CertificateAuthenticationDefaults.CertificateItemsKey, certificate.GetRawCertDataString() |
…icationHandler.cs Co-Authored-By: Chris Ross <Tratcher@Outlook.com>
|
@aspnet/build any ideas why I'm getting this error on ci builds only for this PR? |
It's not only your PR and it's not only this repo e.g. https://github.com/aspnet/EntityFrameworkCore/pull/15878/checks?check_run_id=139437341. It appears to be GitHub flakiness but I'm not sure. |
|
@HaoK just sent mail about this problem, which is affecting everyone, not just this PR. AzDO + GitHub are investigating. |
|
/azp run AspNetCore-ci |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run AspNetCore-ci |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Initial port of the code with all unit tests passing and some stuff commented out so we can track diffs in git.
Take a look at the commented out changes i needed to make for tests @blowdart
Next steps will be to remove all the commented out code and move the headerforwarding into the existing middleware