Last active
December 23, 2015 19:53
-
-
Save magohl/9fdc85d56541ff7f1fcb to your computer and use it in GitHub Desktop.
IISExpress SSL with ClientCertificates (2-way mututal SSL)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| How to get VS2015 with IISExpress to work with a per "folder/controller" requirement of ClientCertificates: | |
| 1. Bind server certificate to port using (elevated) NETSH.EXE | |
| --- netsh http add sslcert ipport=0.0.0.0:9880 certhash=ffffcf57c84e7ed391ee842d668f7f11fffffff appid={aaaabbbbccc-guid-ddddd} | |
| --- Note that we will not enable client certificate negotiation here) | |
| --- Tip: The server certificate is typically installed in LocalMachine/Personal as opposed to client certs that are in CurrentUser | |
| 2. Edit {your-app-folder}\src\.vs\config\applicationhost.config | |
| ---- Change overrideModeDefault to "allow" on access | |
| ---- <section name="access" overrideModeDefault="Allow" /> | |
| 3. Add binding to the site in {your-app-folder}\src\.vs\config\applicationhost.config. Here i used port 9880 | |
| ---- <binding protocol="https" bindingInformation="*:9880:your-cert-cn-name-here" /> | |
| 4. Add section in web.config with the controller/folder namne as location path | |
| ---- <location path="CertificateLogin" > | |
| <system.webServer> | |
| <security> | |
| <access sslFlags="Ssl,SslNegotiateCert,SslRequireCert" /> | |
| </security> | |
| </system.webServer> | |
| </location> | |
| Done! Restart IISExpress. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment