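/// <summary>
/// Determines whether one of the comma-separated components of the client certificate's subject
/// equals the expected value.
/// </summary>
/// <remarks>
/// The subject is split only on commas that lie outside double-quoted values. A quoted attribute value
/// may itself contain commas; splitting inside it would produce fragments that are not real subject
/// components but could still compare equal to the expected value, so an unintended certificate
/// would be accepted.
/// </remarks>
/// <param name="clientCertificate">The certificate presented by the client.</param>
/// <param name="expected">The configured value that a subject component must equal (ordinal, case-sensitive).</param>
/// <param name="logger">The logger that receives a warning when no component matches.</param>
/// <returns><c>true</c> when a subject component equals the expected value; otherwise <c>false</c>.</returns>
private static bool IsCertificateSubjectNameAllowed(X509Certificate2 clientCertificate, ExpectedCertificateValue expected, ILogger logger)
{
    string subject = clientCertificate.Subject ?? String.Empty;

    // Materialised once: the components are read twice below (match check and log message).
    var certificateSubjectNames = new List<string>();

    // NOTE(review): assumes special characters in a value are rendered by wrapping the value in
    // double quotes (embedded quotes doubled); confirm if backslash-escaped forms can occur here.
    bool insideQuotes = false;
    int componentStart = 0;
    for (int index = 0; index <= subject.Length; index++)
    {
        bool atEnd = index == subject.Length;
        if (!atEnd && subject[index] == '"')
        {
            // A doubled quote toggles twice, so the quoted state is unchanged after it.
            insideQuotes = !insideQuotes;
            continue;
        }

        if (atEnd || (subject[index] == ',' && !insideQuotes))
        {
            string component = subject.Substring(componentStart, index - componentStart).Trim();
            if (component.Length > 0)
            {
                certificateSubjectNames.Add(component);
            }

            componentStart = index + 1;
        }
    }

    bool isAllowed = certificateSubjectNames.Any(name => String.Equals(name, expected.Value));
    if (!isAllowed)
    {
        // NOTE(review): the logged subject text originates from the presented certificate;
        // confirm the log sink neutralises control characters.
        logger.LogWarning(
            "Client certificate authentication failed on subject: "
            + $"no subject found (actual={String.Join(", ", certificateSubjectNames)}) in certificate that matches expected={expected}");
    }

    return isAllowed;
}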
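/// <summary>
/// Determines whether the thumbprint of the client certificate equals the expected thumbprint.
/// </summary>
/// <param name="clientCertificate">The certificate presented by the client.</param>
/// <param name="expected">The configured thumbprint the certificate must have.</param>
/// <param name="logger">The logger that receives a warning when the thumbprints differ.</param>
/// <returns><c>true</c> when the certificate has a thumbprint and it equals the expected value; otherwise <c>false</c>.</returns>
private static bool IsCertificateThumbprintAllowed(X509Certificate2 clientCertificate, ExpectedCertificateValue expected, ILogger logger)
{
    string actual = clientCertificate.Thumbprint?.Trim();

    // Fail closed: without the emptiness guard a missing thumbprint and a missing expected value
    // would compare equal (null equals null) and the certificate would be accepted.
    // The thumbprint is hexadecimal text, so letter case carries no meaning and is ignored.
    bool isAllowed =
        !String.IsNullOrEmpty(actual)
        && String.Equals(expected.Value, actual, StringComparison.OrdinalIgnoreCase);

    if (!isAllowed)
    {
        logger.LogWarning(
            "Client certificate authentication failed on thumbprint: "
            + $"expected={expected} <> actual={actual}");
    }

    return isAllowed;
}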