I would like to add client authentication through X509 certificates, so I installed my IIS server with SSL certificate and client . (as said here: Client authentication through X509 certificates in asp.net )
But as soon as the client selects a certificate, the server always responds with HTTP 403.
Therefore, in order to configure client certificate verification, I added to global.asax:
protected void Application_Start()
{
.......
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateServerCertificate);
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
}
But apparently, my function is never called, and the server response is still allowed 403 (the certificate is considered unsafe).
Do you have any suggestions?