public ClientCertificateValidationResult Validate(X509Certificate2 certificate) { bool isValid = false; List <string> exceptions = new List <string>(); if (CheckValidCertificateCache(certificate)) { isValid = true; } else { try { using (X509Chain chain = new X509Chain()) { X509ChainPolicy chainPolicy = new X509ChainPolicy() { RevocationMode = X509RevocationMode.NoCheck, RevocationFlag = X509RevocationFlag.EntireChain }; chain.ChainPolicy = chainPolicy; if (!chain.Build(certificate)) { foreach (X509ChainElement chainElement in chain.ChainElements) { foreach (X509ChainStatus chainStatus in chainElement.ChainElementStatus) { exceptions.Add(chainStatus.StatusInformation); } } } else { if (chain.ChainElements.Cast <X509ChainElement>().Any(e => e.Certificate.Thumbprint.Equals(HeadNodeCertThumbprint.Value, StringComparison.OrdinalIgnoreCase))) { isValid = true; SetValidCertificateCache(certificate); } else { exceptions.Add("Client cert is not signed by Headnode cert."); } } } } catch (Exception ex) { exceptions.Add(ex.Message); } } ClientCertificateValidationResult res = new ClientCertificateValidationResult(isValid); res.AddValidationExceptions(exceptions); return(res); }
private ClientCertificateValidationResult ValidateCertificate(IDictionary <string, object> owinEnvironment) { if (owinEnvironment.ContainsKey(this.owinClientCertKey)) { X509Certificate2 clientCert = this.Context.Get <X509Certificate2>(this.owinClientCertKey); return(this.clientCertificateValidator.Validate(clientCert)); } ClientCertificateValidationResult invalid = new ClientCertificateValidationResult(false); invalid.AddValidationException("There's no client certificate attached to the request."); return(invalid); }
protected override Task <AuthenticationTicket> AuthenticateCoreAsync() { ClientCertificateValidationResult validationResult = this.ValidateCertificate(this.Request.Environment); if (validationResult.CertificateValid) { AuthenticationProperties authProperties = new AuthenticationProperties { IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddDays(1), AllowRefresh = true, IsPersistent = true }; ClaimsIdentity claimsIdentity = new ClaimsIdentity(new List <Claim> { }, "X.509"); AuthenticationTicket ticket = new AuthenticationTicket(claimsIdentity, authProperties); return(Task.FromResult(ticket)); } return(Task.FromResult <AuthenticationTicket>(null)); }