aspnetcore

Author SHA1 Message Date

Author	SHA1	Message	Date
Edward Neal	e7ea31b1c7	Allow opt-out from client certificate root checking (#15029 ) * Added a new property, ValidateCertificateChain This aligns the code with README.md, and enables chained certificate authentication to work in Azure App Service (which won't have the client certificate's root in its trust store) * Updated reference assemblies New ValidateCertificateChain property was missing from /ref - hadn't updated it, so automatic test was failing * Replaced the broad property which disables certificate chain validation with a granular list of trusted issuers Also updated documentation to remove the unused property and to indicate that it isn't possible to validate half of the chain from the OS' trust store, and half from the private root store * Swapped property access for an AddRange call * Updated reference assembly * Added certificate tests Three test cases: - Untrusted client certificate should fail, as it does now. - Client certificate which is part of a chain with an untrusted root but a trusted issuer should fail, since the chain as a whole isn't trusted. - Client certificate which is part of a fully-trusted chain should pass. Also noticed that there were a couple of issues in CreateServer, where the certificate revocation flags weren't being set properly. Finally, the csproj was referring to a folder name ("test\Certificates") which didn't exist. It looks like the folder was renamed to "TestCertificates", so I've update the project to match. * Update Microsoft.AspNetCore.Authentication.Certificate.netcoreapp.cs * Reverting change of Tests csproj, which was blocking certificate tests * Forgot to add certificates to the shared source root, so tests were failing * Updating following code review Replaced custom logic with a new ChainTrustValidationMode property. Updated reference assemblies * Changed tests to account for new property * Updated certificates for PR tests * Updated certificates Updating all new certificates to avoid using the alternate signature algorithm * Dummy checkin Compilation errors coming from CertificateTests.cs, performing this checkin to test whether or not they're limited to a specific build. * Following up typo corrections Commit `116799fa70` in upstream repo changed a variable name, causing compile errors on PR build. Fixing that Co-authored-by: Hao Kung <HaoK@users.noreply.github.com>	2020-02-06 15:15:38 -08:00

Edward Neal

e7ea31b1c7

Allow opt-out from client certificate root checking (#15029 )

* Added a new property, ValidateCertificateChain

This aligns the code with README.md, and enables chained certificate authentication to work in Azure App Service (which won't have the client certificate's root in its trust store)

* Updated reference assemblies

New ValidateCertificateChain property was missing from /ref - hadn't updated it, so automatic test was failing

* Replaced the broad property which disables certificate chain validation with a granular list of trusted issuers

Also updated documentation to remove the unused property and to indicate that it isn't possible to validate half of the chain from the OS' trust store, and half from the private root store

* Swapped property access for an AddRange call

* Updated reference assembly

* Added certificate tests

Three test cases:
- Untrusted client certificate should fail, as it does now.
- Client certificate which is part of a chain with an untrusted root but a trusted issuer should fail, since the chain as a whole isn't trusted.
- Client certificate which is part of a fully-trusted chain should pass.

Also noticed that there were a couple of issues in CreateServer, where the certificate revocation flags weren't being set properly.

Finally, the csproj was referring to a folder name ("test\Certificates") which didn't exist. It looks like the folder was renamed to "TestCertificates", so I've update the project to match.

* Update Microsoft.AspNetCore.Authentication.Certificate.netcoreapp.cs

* Reverting change of Tests csproj, which was blocking certificate tests

* Forgot to add certificates to the shared source root, so tests were failing

* Updating following code review

Replaced custom logic with a new ChainTrustValidationMode property. Updated reference assemblies

* Changed tests to account for new property

* Updated certificates for PR tests

* Updated certificates

Updating all new certificates to avoid using the alternate signature algorithm

* Dummy checkin

Compilation errors coming from CertificateTests.cs, performing this checkin to test whether or not they're limited to a specific build.

* Following up typo corrections

Commit 116799fa70 in upstream repo changed a variable name, causing compile errors on PR build. Fixing that

Co-authored-by: Hao Kung <HaoK@users.noreply.github.com>

2020-02-06 15:15:38 -08:00

1 Commits