The option to renegotiate a connection and request a client certificate has been disabled by default.
See dotnet/aspnetcore#23181 for discussion.
Version introduced: 5.0
Old behavior: The connection could be renegotiated to request a client certificate.
New behavior: Client certificates can only be requested during the initial connection handshake. See dotnet/aspnetcore#23162.
Reason for change: Renegotiation caused a number of performance and deadlock issues. It's also not supported in HTTP/2. See dotnet/aspnetcore#14806 for when the option to control this behavior was first introduced in 3.1.
Recommended action: Applications that require client certificates should use netsh.exe to set the clientcertnegotiation option to enabled. See https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-http
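One way to apply the netsh step above, as an added example that is not part of the original announcement. The binding address, certificate thumbprint and application GUID are placeholders to replace with your own values; note that netsh spells the value `enable`.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# All three values below are placeholders (assumptions), not values from the page.
$ipPort   = '0.0.0.0:443'                              # address:port of the HTTP.sys binding
$certHash = '<SERVER-CERT-THUMBPRINT>'                 # thumbprint of the server certificate
$appId    = '{00000000-0000-0000-0000-000000000000}'   # GUID identifying the owning application

# 1. Record the current binding before touching it, so it can be restored
#    if the re-add fails (the binding is briefly absent between delete and add).
$before = netsh http show sslcert ipport=$ipPort | Out-String
Write-Host "Current binding:`n$before"

# 2. Recreate the binding with client certificate negotiation turned on,
#    so the certificate is requested during the initial TLS handshake.
netsh http delete sslcert ipport=$ipPort
netsh http add sslcert ipport=$ipPort certhash=$certHash "appid=$appId" clientcertnegotiation=enable
if ($LASTEXITCODE -ne 0) {
    throw "netsh add sslcert failed; restore the binding recorded above."
}

# 3. Verify the setting took effect. The field label below is the English
#    netsh output; on a localized Windows install, inspect the output manually.
$after = netsh http show sslcert ipport=$ipPort | Out-String
if ($after -notmatch 'Negotiate Client Certificate\s*:\s*Enabled') {
    throw "Binding $ipPort does not report client certificate negotiation as enabled."
}
Write-Host "Client certificate negotiation is enabled on $ipPort."
```

The setting applies to the whole binding, so every connection to that address and port is asked for a client certificate during the handshake.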
If you only want client certificates enabled for some parts of your application then see the guidance at https://docs.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-3.1#optional-client-certificates.
If you need the old renegotiate behavior then set HttpSysOptions.ClientCertificateMethod to the old value ClientCertificateMethod.AllowRenegotiate. This is not recommended for the reasons outlined above and in the linked guidance.
ASP.NET
Affected APIs:
HttpSysOptions.ClientCertificateMethod
HttpContext.Connection.ClientCertificate
HttpContext.Connection.GetClientCertificateAsync