I am building a small feature in ASP.NET Core Certificate authentication as given in official https://docs.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-3.1. Note: I am not building APIs, I am just trying to secure some Action methods of some controllers so that these secured action methods are opened only when the client has the client certificate.
What I want is that when a user opens the URL of these secured Action methods in the browser then only those users that have client certificate in their PCs are able to view them, for others without client certificate - unauthorized message should be shown.
You can also say that I am using this concept in place of login by password feature.
I have few question which needs answers:
- After I have creating the Client Certificate from Root certificate as given under the heading (Create child certificate from root certificate), how I should give the certificate to the client - Manually? or there is some automatic procedure? Please provide answer.
- Suppose the client has the client certificate, now he opens a URL of the site in the browser that needs client certificate, the question is how the certificate is attached to the browser - what is the procedure in ASP.NET Core 3.1?
Waiting for your valuable answers.
Thank you so much!