So I have recently been struggling to get my .NET client working with mutual authentication. In the process of debugging with Fiddler, I noticed that if I make my public cert available to Fiddler, it adds it to the response I get from the server, and I am able to successfully complete my next request(instead of HTTP 401).
So my question is, what is the purpose of this functionality? Has someone experienced something similar?
So my question is, what is the purpose of this functionality? Has someone experienced something similar?
1 Answer, 1 is accepted
0
Hi, Blake--
Can you please elaborate on what exactly you're hoping to accomplish and what problem you're having?
Client Certificates allow a client application to authenticate to a server over a HTTPS connection without using a traditional username/password. You can configure Fiddler to use a client certificate to respond to a server's authentication challenges; if you want to use Fiddler when contacting a HTTPS server that requires a client certificate, you MUST configure Fiddler with the client certificate because otherwise the authentication process will fail (mutual authentication breaks MITM attacks).
I suspect you might really be saying: "My .NET code isn't working, but if I use Fiddler to do client certificate authentication it works fine. How can I fix my .NET code?" If that's the case, please share your code.
Regards,
Eric Lawrence
Telerik
Can you please elaborate on what exactly you're hoping to accomplish and what problem you're having?
Client Certificates allow a client application to authenticate to a server over a HTTPS connection without using a traditional username/password. You can configure Fiddler to use a client certificate to respond to a server's authentication challenges; if you want to use Fiddler when contacting a HTTPS server that requires a client certificate, you MUST configure Fiddler with the client certificate because otherwise the authentication process will fail (mutual authentication breaks MITM attacks).
I suspect you might really be saying: "My .NET code isn't working, but if I use Fiddler to do client certificate authentication it works fine. How can I fix my .NET code?" If that's the case, please share your code.
Regards,
Eric Lawrence
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.