Beispiel #1
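        /// <summary>
        /// Checks whether any component of the client certificate's subject distinguished name
        /// equals the expected value, and logs a warning when none does.
        /// </summary>
        /// <remarks>
        /// The subject is split into its comma-separated components (for example <c>CN=...</c>, <c>O=...</c>)
        /// and each trimmed component is compared, ordinally and case-sensitively, with <c>expected.Value</c>.
        /// Commas inside a double-quoted attribute value are not treated as separators: a naive split would
        /// break such a value into fragments, and one of those fragments could equal the expected component
        /// even though the certificate carries no such attribute.
        /// NOTE(review): this only inspects the subject text; confirm the caller has already validated the
        /// certificate chain, otherwise the subject is an unauthenticated claim.
        /// </remarks>
        /// <param name="clientCertificate">The certificate presented by the client.</param>
        /// <param name="expected">The configured value that one subject component must equal.</param>
        /// <param name="logger">The logger that receives the warning on a failed match.</param>
        /// <returns><c>true</c> when a subject component equals the expected value; otherwise <c>false</c>.</returns>
        private static bool IsCertificateSubjectNameAllowed(X509Certificate2 clientCertificate, ExpectedCertificateValue expected, ILogger logger)
        {
            // Materialised once: the components are read for the match and again for the log message.
            List<string> certificateSubjectNames = SplitSubjectComponents(clientCertificate.Subject ?? String.Empty);

            bool isAllowed = certificateSubjectNames.Any(
                subject => String.Equals(subject, expected.Value, StringComparison.Ordinal));

            if (!isAllowed)
            {
                // The 'actual' part is text taken from the client-presented certificate; log sinks should
                // treat it as untrusted input.
                logger.LogWarning(
                    "Client certificate authentication failed on subject: "
                    + $"no subject found (actual={String.Join(", ", certificateSubjectNames)}) in certificate that matches expected={expected}");
            }

            return isAllowed;
        }

        /// <summary>
        /// Splits a subject distinguished name on commas that are outside double quotes and trims each component.
        /// </summary>
        /// <remarks>
        /// Zero-length segments are dropped before trimming, matching <c>StringSplitOptions.RemoveEmptyEntries</c>.
        /// Assumes the default subject formatting, which wraps values containing separators in double quotes
        /// and doubles embedded quotes; an unterminated quote keeps the remainder as a single component.
        /// </remarks>
        private static List<string> SplitSubjectComponents(string subject)
        {
            var components = new List<string>();
            bool insideQuotes = false;
            int segmentStart = 0;

            for (int index = 0; index <= subject.Length; index++)
            {
                bool atEnd = index == subject.Length;

                if (!atEnd && subject[index] == '"')
                {
                    // A doubled quote toggles twice, so the quoted state stays consistent.
                    insideQuotes = !insideQuotes;
                    continue;
                }

                if (atEnd || (subject[index] == ',' && !insideQuotes))
                {
                    if (index > segmentStart)
                    {
                        components.Add(subject.Substring(segmentStart, index - segmentStart).Trim());
                    }

                    segmentStart = index + 1;
                }
            }

            return components;
        }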
Beispiel #2
        /// <summary>
        /// Checks whether the client certificate's thumbprint equals the expected value,
        /// and logs a warning when it does not.
        /// </summary>
        /// <remarks>
        /// The presented thumbprint is trimmed and compared with <c>expected.Value</c> using the ordinal,
        /// case-sensitive <c>String.Equals</c>; the expected value is not trimmed or case-normalised here.
        /// NOTE(review): a configured thumbprint in a different letter case or with stray whitespace is
        /// rejected - confirm the expected value is normalised where it is configured.
        /// NOTE(review): a thumbprint match only identifies the certificate; this method does not check
        /// validity period, revocation or chain - confirm that happens elsewhere.
        /// </remarks>
        /// <param name="clientCertificate">The certificate presented by the client.</param>
        /// <param name="expected">The configured thumbprint the certificate must have.</param>
        /// <param name="logger">The logger that receives the warning on a mismatch.</param>
        /// <returns><c>true</c> when the thumbprints are equal; otherwise <c>false</c>.</returns>
        private static bool IsCertificateThumbprintAllowed(X509Certificate2 clientCertificate, ExpectedCertificateValue expected, ILogger logger)
        {
            // Thumbprint may be null; the null-conditional call keeps the comparison below null-safe.
            string presentedThumbprint = clientCertificate.Thumbprint?.Trim();

            if (String.Equals(expected.Value, presentedThumbprint))
            {
                return true;
            }

            // Mismatch: record both values so the failure can be diagnosed.
            logger.LogWarning(
                "Client certificate authentication failed on thumbprint: "
                + $"expected={expected} <> actual={presentedThumbprint}");

            return false;
        }