Using client certificates in Web API

Client certificates are used to digitally identify whether a user is an authenticated user. This is a stronger security mechanism than a username and password, which is only a simple validation. Client certificates allow a web application to authenticate its users by verifying a certificate that the client provides before the HTTP connection is established.
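The verification described above can be done in a Web API message handler. The following is an added example, not code from the book: the class name `ClientCertificateHandler` and its constructor parameter are assumptions, and it assumes the host is already configured to request a client certificate during the TLS handshake.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler; register it with config.MessageHandlers.Add(...).
public class ClientCertificateHandler : DelegatingHandler
{
    private readonly X509Certificate2 _trustedRoot;

    // trustedRoot: the test root authority certificate (for example DevCA.cer).
    public ClientCertificateHandler(X509Certificate2 trustedRoot)
    {
        _trustedRoot = trustedRoot;
    }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Null when the client presented no certificate in the handshake.
        X509Certificate2 cert = request.GetClientCertificate();
        if (cert == null || !ChainsToTrustedRoot(cert))
            return Task.FromResult(request.CreateResponse(HttpStatusCode.Forbidden));
        return base.SendAsync(request, cancellationToken);
    }

    private bool ChainsToTrustedRoot(X509Certificate2 cert)
    {
        var chain = new X509Chain();
        // A test CA publishes no CRL, so revocation is skipped here;
        // enable it for certificates issued by a real CA.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.ExtraStore.Add(_trustedRoot);
        // The dev root is not in the machine trust store. Only that one
        // condition is tolerated; expiry and signature errors still fail.
        chain.ChainPolicy.VerificationFlags =
            X509VerificationFlags.AllowUnknownCertificateAuthority;
        if (!chain.Build(cert)) return false;

        // The flag above accepts any unknown root, so pin the expected one.
        X509Certificate2 root =
            chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return string.Equals(root.Thumbprint, _trustedRoot.Thumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

The thumbprint pin is the step that matters: without it, a self-signed certificate from any unknown authority would build a valid chain under `AllowUnknownCertificateAuthority`.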

Creating an SSL Client Certificate

The following steps create a test root authority and client certificate for development and testing purposes:

  1. Open Developer Command Prompt for Visual Studio.
  2. Run the following command:
    makecert.exe -n "CN=Dev CA" -r -sv DevCA.pvk DevCA.cer
  3. Enter the certificate password when prompted by makecert ...
