c# - Disable SSL client certificate on *some* WebAPI controllers? -

-

edit future readers: unfortunately, bounty awarded answer doesn't work; nothing can now. read own answer below (through testing) - confirmed work minimal code changes

we have azure cloud service (webrole) that's entirely in asp.net webapi 2.2 (no mvc, front end angular). of our controllers/rest endpoints talk 3rd party cloud service on ssl (client cert auth/mutual auth) , rest of controllers/endpoints talk html5/angularjs front end, on ssl (but more traditional server auth ssl). don't have non-ssl endpoint. we've enabled client ssl via cloud service startup task like:

if not defined appcmd set appcmd=%systemroot%\system32\inetsrv\appcmd.exe %appcmd% unlock config /section:system.webserver/security/access

issue: setting site-wide when users hit first page (say https://domain.com, returns index.html angularjs) browser asks them client ssl cert. (image below)

if there way either

  1. limit client ssl certificate requests webapi controllers talk 3rd party cloud service?

or

  1. skip client ssl auth our front end powering webapi controllers?

our server's web.config complex relevant snippet below:

<system.webserver>   <security>     <access sslflags="sslnegotiatecert" />   </security> </system.webserver>

and screenshot of client hitting regular webapi endpoint yet attempting client ssl authentication (happens in browser, chrome, firefox or ie) enter image description here

you allow plain http traffic on web.config level , write custom delegating handler in web api pipeline this. can find client cert delegating handler here , here. make handler active "per-route" found in example here:

this route configuration like.

public static class webapiconfig {     public static void register(httpconfiguration config)     {         config.routes.maphttproute(             name: "route1",             routetemplate: "api/{controller}/{id}",             defaults: new { id = routeparameter.optional }         );          config.routes.maphttproute(             name: "route2",             routetemplate: "api2/{controller}/{id}",             defaults: new { id = routeparameter.optional },             constraints: null,             handler: new customcertificatemessagehandler()  // per-route message handler         );          config.messagehandlers.add(new someothermessagehandler());  // global message handler     } }

please note in case need "per-route" delegating handlers must not put them in global message handler list.


Comments

Post a Comment

Popular posts from this blog

python - mat is not a numerical tuple : openCV error -

-
i have write down code showing error ma not getting it: please help: showing mat not numerical tuple: import cv import cv2 capture = cv2.videocapture("j.3gp") while(1): _, frame1 = capture.read() grayimage1 = cv2.cvtcolor(frame1, cv2.color_bgr2gray) _, frame2 = capture.read() grayimage2 = cv2.cvtcolor(frame2, cv2.color_bgr2gray) differenceimage = cv2.absdiff(grayimage1,grayimage2) thresholdimage = cv2.threshold(differenceimage,25,255,cv2.thresh_binary) cv2.imshow("difference image", differenceimage) cv2.imshow("threshold image", thresholdimage) cv2.imshow("image", frame1) k = cv2.waitkey(30) & 0xff error arising : ----------------------------------------------------------------------------------------- traceback (most recent call last): file "desk.py", line 15, in <module> cv2.imshow("threshold image", thresholdimage) typeerror: mat not numerical tuple ...
Read more

c# - MSAA finds controls UI Automation doesn't -

-
i'm working on automating windows application. i'm using teststack white framework. i've hit problem. program has 'window' object cannot see inside of. white shows no controls inside of it. inspect.exe shows no controls inside of either when running in ui automation mode. if switch inspect msaa see controls inside fine. there anyway me use msaa c# handle on these controls? if can identify msaa functions need, can use p/invoke call them c#. here's example article doing msaa: http://www.codeproject.com/articles/38906/ui-automation-using-microsoft-active-accessibility also, pinvoke.net can used identify iaccessible (msaa) functions: http://www.pinvoke.net/search.aspx?search=iaccessible&namespace=[all] here's answer along lines: msaa com-based? finally, alternative p/invoke, might able use tlbimp.exe create wrapper assembly oleacc.dll, , access msaa functions through it. i'm not sure if works msaa, it's worth try. as e...
Read more

wordpress - .htaccess: RewriteRule: bad flag delimiters -

-
pulling hair out on one. have following .htaccess file custom redirects in addition wordpress's default settings. when tested on local wamp server worked fine after moving production i'm not getting rewriterule: bad flag delimiters error in server log , after while site goes down internal server error any appreciated. in advance! <ifmodule mod_rewrite.c> rewriteengine on rewritebase / rewriterule ^rockford_weddings___welcome\.html$ /wedding/ [r=301,l] rewriterule ^blog/?$ /journal/ [r=301,l] rewriterule ^blog/(.*)$ /$1 [r=301,l] rewriterule ^portraitinvestment/?$ /portraitinvestment\.pdf [r=301,l] rewriterule ^weddinginvestment/?$ /weddinginvestment\.pdf [r=301,l] rewriterule ^holidaycards2014/?$ /holidaycards2014\.pdf [r=301,l] </ifmodule> # begin wordpress <ifmodule mod_rewrite.c> rewriteengine on rewritebase / rewriterule ^index\.php$ - [l] rewritecond %{request_filename} !-f rewritecond %{request_filename} !-d rewriterule . /index.php [l] </...
Read more