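/// <summary>
/// Validates a client certificate through <c>X509Util.Validate</c> (online revocation
/// check over the entire chain against the <c>My</c>/<c>LocalMachine</c> store) and, on
/// success, attaches a <see cref="ClaimsIdentity"/> built from the certificate's claim set
/// either to <paramref name="context"/>.User or, when no context is supplied, to
/// <see cref="Thread.CurrentPrincipal"/>.
/// </summary>
/// <param name="cert">The presented client certificate; <c>null</c> is rejected.</param>
/// <param name="context">Optional request context that receives the identity.</param>
/// <returns><c>true</c> when the certificate validated and the identity was attached; otherwise <c>false</c>.</returns>
private static bool ValidateCertificate(X509Certificate2 cert, HttpContext context = null)
{
    // A null certificate used to surface as a NullReferenceException on cert.Thumbprint
    // and was logged as a generic exception; reject it explicitly instead.
    if (cert is null)
    {
        Trace.TraceError("X509 validation failed: no certificate supplied.");
        return false;
    }

    try
    {
        const StoreName storeName = StoreName.My;
        const StoreLocation location = StoreLocation.LocalMachine;

        // NOTE(review): the expected thumbprint handed to X509Util.Validate is the presented
        // certificate's own thumbprint, whereas HandleAuthenticateAsync passes a configured
        // Options.Thumbprint. If Validate pins the chain to this value the check is
        // self-referential — confirm what the intended trust anchor is.
        if (!X509Util.Validate(storeName, location, X509RevocationMode.Online,
                               X509RevocationFlag.EntireChain, cert, cert.Thumbprint))
        {
            return false;
        }

        List<Claim> claimset = X509Util.GetClaimSet(cert);
        ClaimsIdentity identity = new ClaimsIdentity(claimset);

        if (context is null)
        {
            Thread.CurrentPrincipal = new ClaimsPrincipal(identity);
        }
        else
        {
            context.User.AddIdentity(identity);
        }

        return true;
    }
    catch (Exception ex)
    {
        Trace.TraceError("X509 validation exception '{0}'", ex.Message);
        return false;
    }
}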
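/// <summary>
/// Authenticates the request from the TLS client certificate on the current connection.
/// The certificate is validated through <c>X509Util.Validate</c> (online revocation check
/// over the entire chain) against the store and thumbprint configured in <c>Options</c>;
/// on success a <see cref="GenericPrincipal"/> carrying the certificate's claim set is
/// published on <see cref="Thread.CurrentPrincipal"/> and returned in the ticket.
/// </summary>
/// <returns>
/// A completed task holding <c>AuthenticateResult.Success</c> with the ticket, or
/// <c>AuthenticateResult.Fail</c> when no certificate is present, the options are
/// incomplete, validation fails, or an exception occurs.
/// </returns>
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
    X509Certificate2 certificate = HttpHelper.HttpContext.Connection.ClientCertificate;
    if (certificate is null)
    {
        return Task.FromResult(AuthenticateResult.Fail("No client certificate to authenticate."));
    }

    if (string.IsNullOrEmpty(Options.StoreName)
        || string.IsNullOrEmpty(Options.Location)
        || string.IsNullOrEmpty(Options.Thumbprint))
    {
        return Task.FromResult(AuthenticateResult.Fail("No certificate in chain to check."));
    }

    try
    {
        // A misspelled store name/location in configuration throws ArgumentException here;
        // the catch below logs it and maps it to a generic failure.
        StoreName storeName = (StoreName)Enum.Parse(typeof(StoreName), Options.StoreName);
        StoreLocation location = (StoreLocation)Enum.Parse(typeof(StoreLocation), Options.Location);

        if (!X509Util.Validate(storeName, location, X509RevocationMode.Online,
                               X509RevocationFlag.EntireChain, certificate, Options.Thumbprint))
        {
            return Task.FromResult(AuthenticateResult.Fail("Not authenticated."));
        }

        List<Claim> claimset = X509Util.GetClaimSet(certificate);
        Claim nameClaim = claimset.Find(obj => obj.Type == ClaimTypes.Name);

        // A chain that validates but yields no Name claim previously crashed on
        // nameClaim.Value and was reported only as a caught NullReferenceException.
        if (nameClaim is null)
        {
            Trace.TraceError("X509 claim set contains no '{0}' claim.", ClaimTypes.Name);
            return Task.FromResult(AuthenticateResult.Fail("Not authenticated."));
        }

        GenericIdentity identity = new GenericIdentity(nameClaim.Value);
        identity.AddClaims(claimset);

        // GenericPrincipal derives from ClaimsPrincipal, so the same instance feeds the ticket
        // without the round-trip through Thread.CurrentPrincipal. The thread assignment is
        // kept because the original published the principal there as a side effect.
        ClaimsPrincipal principal = new GenericPrincipal(identity, null);
        Thread.CurrentPrincipal = principal;

        var ticket = new AuthenticationTicket(principal, Options.Scheme);
        return Task.FromResult(AuthenticateResult.Success(ticket));
    }
    catch (Exception ex)
    {
        Trace.TraceError(ex.Message);
        return Task.FromResult(AuthenticateResult.Fail("Not authenticated."));
    }
}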