azure-docs icon indicating copy to clipboard operation
azure-docs copied to clipboard
verified publisher icon MicrosoftDocs

How to send certificate to web app in my application

Open yansyunchen opened this issue 3 years ago • 3 comments

I have question here, if I enable client certificate as "Require". When I browse my web app, it will pop up a window to input the certificate. So, I would like to know if my flow is "my application" -> "web app", how to send the certificate to the web app in my application, is to write some code to achieve it? Thanks

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

yansyunchen avatar Aug 10 '22 05:08 yansyunchen

@yansyunchen Thanks for the feedback! We are currently investigating and will update you shortly.

SnehaAgrawal-MSFT avatar Aug 10 '22 09:08 SnehaAgrawal-MSFT

@yansyunchen Thanks for asking question! Could you please clarify what are you referring to when saying: "my application" -> "web app"

This document is referring to enable in-bound client certificate authentication (TLS mutual authentication) to your Azure Web App.

To add more on different options:

  • "Require" will block the request on the AppService level where no certificate was provided.
  • "Ignore" will not require a certificate.
  • "Allow" option enables authentication to your app using both certificate and AAD token and when choosing "allow" the app will request a certificate - by that enabling an authentication with it.

SnehaAgrawal-MSFT avatar Aug 16 '22 06:08 SnehaAgrawal-MSFT

Hi, @SnehaAgrawal-MSFT , thanks for your response. What I would like to know is do we have any example about how to send the "certificate" to web app which I enable the TLS mutual authentication? Thank you

yansyunchen avatar Aug 17 '22 02:08 yansyunchen

@yansyunchen Could you please elaborate on what do you mean by sending the certificate to web app? As this article is about how to set up your web app to use client certificate authentication.

SnehaAgrawal-MSFT avatar Aug 17 '22 16:08 SnehaAgrawal-MSFT

Since we have not heard back from you we will now proceed to close this thread. If there are further questions regarding this matter, please let us know.

SnehaAgrawal-MSFT avatar Aug 19 '22 05:08 SnehaAgrawal-MSFT

@SnehaAgrawal-MSFT I have same questions on this. After enabling "Require" option. When we try to browse the application It is expecting some certificate to be passed. But Our application is user facing application how can we pass the certificate from each individual clients browser.

Is this setting a valid option for user facing facing front end app?

We got this recommendation In MS cloud defender

"Web apps should request an SSL certificate for all incoming requests" Azure Security Benchmark Severity Medium

Description Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. Remediation steps Manual remediation: To set Client Certificates for your Web App:

  1. Navigate to Azure App Service
  2. Select Configuration
  3. Go to the General Settings tab
  4. Set Incoming Client Certificates to Require. For more information, visit here: https://aka.ms/auth-tls

and we are trying to fix this. but after enabling this option , we are not be able to use our application . It shows up popup screen to select a certificate. and if you close that popup it gives 403 error.

kspoojary avatar Sep 27 '22 04:09 kspoojary