Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Programatically set a binding to require client certificate negotiation in iis

Tags:

c#

certificate

iis

ssl

netsh

How can I achieve the equivalent of setting clientcertnegotiation=enable with netsh from an application using C# (without execing a command line).

netsh http add sslcert ipport=0.0.0.0:8000 certhash=2064a43f429fe97746ce0c1c9adcd4ea93415f6d appid={4dc3e181-e14b-4a21-b022-59fc669b0914} clientcertnegotiation=enable

The following code sucessfully adds the cert

using (var manager = new ServerManager())
        {
            var siteBindings = from s1 in manager.Sites
                               from b1 in s1.Bindings
                               where b1.Protocol.Equals("https")
                               select new {SiteName = s1.Name, Binding = b1};

            foreach (var siteBinding in siteBindings)
            {
                siteBinding.Binding.CertificateHash = cert.GetCertHash();
            }

            // This is correctly setting the values on the Ssl Cert configuration section in IIS
            var config = manager.GetApplicationHostConfiguration();
            var accessSection = config.GetSection("system.webServer/security/access", "WebActivationService");
            accessSection["sslFlags"] = @"Ssl, SslRequireCert";

            manager.CommitChanges();
        }

but running netsh http show sslcert will show that it unsets Negotiate Client Certificate

IP:port                 : 0.0.0.0:8000
Certificate Hash        : 2064a43f429fe97746ce0c1c9adcd4ea93415f6d
Application ID          : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name  : MY
Verify Client Certificate Revocation    : Enabled
Verify Revocation Using Cached Client Certificate Only    : Disabled
Usage Check    : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout   : 0
Ctl Identifier          : (null)
Ctl Store Name          : (null)
DS Mapper Usage    : Disabled
Negotiate Client Certificate    : Disabled

deleting and re-creating the binding has the same effect

like image 531
dice Avatar asked Aug 10 '11 12:08

dice

1 Answers

from windows server 2003 + the following can be used:

ULONG HttpSetServiceConfiguration(
  __in  HANDLE ServiceHandle,
  __in  HTTP_SERVICE_CONFIG_ID ConfigId,
  __in  PVOID pConfigInformation,
  __in  ULONG ConfigInformationLength,
  __in  LPOVERLAPPED pOverlapped
);

http://msdn.microsoft.com/en-us/library/windows/desktop/aa364503(v=vs.85).aspx

like image 79
dice Avatar answered Oct 17 '22 06:10

dice
Sign in to Comment

Related questions

Subscriber method vs event
How do I set the AppDomain FriendlyName in a ClickOnce scenario?
C# LINQ Stored Procedure
More than one important path for .NET Process
Why Control.FromHandle(IntPtr) returns null in one hooked process and returns valid object of "Form"? in another hooked process?
Why does Code Contracts shows "Malformed contract. Found Requires after assignment" in method with params keywork?
Task synchronization without a UI thread
Use resource files instead of satellite assemblies
How can I ensure that IsInRole checks are not using cached credentials
Using C# dynamic method for an object
"OCR running error" when using MODI 2003 with C#
Is there any difference between Customer Enum Type and System Enum Type
Proper way to remove a Trigger
How to search any property from a table with linq?
Combobox Drop Down list
About the performance of c# delegate creation
Virtualizing Uniformgrid
How do I save filter values in WPF toolkit datagrid "filter extension"?
Scrollable textblock in windows phone 7
Is there a TTS Engine with a Natural Voice?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!