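/// <summary>
/// Custom certificate validation on the service side.
/// A certificate is accepted when its Issuer string equals the Subject string of the
/// service certificate loaded from the LocalMachine "My" store. Every rejection is
/// audited and reported by throwing an exception with the same message.
/// </summary>
/// <remarks>
/// NOTE(review): the previous summary said the issuer must be "the same as the issuer of the
/// service", but the code compares against the service certificate's Subject. Confirm which
/// of the two is intended.
/// NOTE(review): this is a comparison of distinguished-name strings only. It does not verify
/// the signature, the validity period or the revocation status, so a name match alone is not
/// cryptographic proof of who issued the certificate. Consider also building and checking
/// the chain with <see cref="X509Chain"/> against the expected issuer.
/// </remarks>
/// <param name="certificate">Certificate to be validated.</param>
/// <exception cref="Exception">
/// Thrown when no certificate is presented, when the service certificate cannot be loaded,
/// or when the issuer does not match.
/// </exception>
public override void Validate(X509Certificate2 certificate)
{
    if (certificate == null)
    {
        // The runtime message is kept as written; it reads "no certificate".
        Audit.AuthenticationFailed("Nema sertifikat");
        throw new Exception("Nema sertifikat");
    }

    // Load the service's own certificate. The lookup name is derived from the Windows
    // identity the service is running under.
    string serviceName = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
    X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(
        StoreName.My, StoreLocation.LocalMachine, serviceName);

    // Fail closed, and leave an audit record, if the reference certificate is missing.
    // Without this guard a null result would surface as an unaudited NullReferenceException.
    // Presumably GetCertificateFromStorage returns null when nothing matches; verify.
    if (srvCert == null)
    {
        Audit.AuthenticationFailed("Service certificate could not be loaded.");
        throw new Exception("Service certificate could not be loaded.");
    }

    // Ordinal comparison: distinguished names are identifiers, not linguistic text.
    if (!string.Equals(certificate.Issuer, srvCert.Subject, StringComparison.Ordinal))
    {
        Audit.AuthenticationFailed("Certificate is not issued by the service.");
        throw new Exception("Certificate is not issued by the service.");
    }

    Audit.AuthenticationSuccess(certificate.Subject);
}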
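/// <summary>
/// Custom certificate validation: accepts a certificate only when its Issuer string equals
/// the Issuer string of the service certificate loaded from the LocalMachine "My" store.
/// </summary>
/// <remarks>
/// NOTE(review): only the issuer distinguished-name strings are compared. The signature,
/// validity period and revocation status are not checked here, so a name match alone is not
/// cryptographic proof of who issued the certificate. Consider also validating the chain
/// with <see cref="X509Chain"/> against the expected issuing CA.
/// </remarks>
/// <param name="certificate">Certificate to be validated.</param>
/// <exception cref="ArgumentNullException">Thrown when no certificate is presented.</exception>
/// <exception cref="Exception">
/// Thrown when the service certificate cannot be loaded or the issuers differ.
/// </exception>
public override void Validate(X509Certificate2 certificate)
{
    // Reject a missing certificate explicitly instead of failing later with a
    // NullReferenceException on certificate.Issuer.
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    // Load the service's own certificate. The lookup name is derived from the Windows
    // identity the service is running under.
    string serviceName = Formatter.ParseName(WindowsIdentity.GetCurrent().Name);
    X509Certificate2 srvCert = CertManager.GetCertificateFromStorage(
        StoreName.My, StoreLocation.LocalMachine, serviceName);

    // Fail closed if there is no reference certificate to compare against.
    // Presumably GetCertificateFromStorage returns null when nothing matches; verify.
    if (srvCert == null)
    {
        throw new Exception("Service certificate could not be loaded.");
    }

    // Ordinal comparison: distinguished names are identifiers, not linguistic text.
    if (!string.Equals(certificate.Issuer, srvCert.Issuer, StringComparison.Ordinal))
    {
        throw new Exception("Certificate is not from the valid issuer.");
    }
}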