Allow but not request client certificate in ASP.NET Core


ASP.NET Core is a popular framework for building web applications. One common requirement in web development is the need to allow or request client certificates for secure communication. In this article, we will explore how to allow but not request client certificates in ASP.NET Core.

Enabling Client Authentication

To enable client certificate authentication in ASP.NET Core, we need to configure the server to accept client certificates. This can be done in the startup class of your application.

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
        .AddCertificate(options =>
        {
            options.AllowedCertificateTypes = CertificateTypes.All;
            options.RevocationMode = X509RevocationMode.NoCheck;
        });
}

In the above code, we are adding certificate authentication to the authentication services. We set the AllowedCertificateTypes property to "All" to allow any client certificate. We also set the RevocationMode property to "NoCheck" to skip certificate revocation checks, which means a revoked certificate will still be accepted.

Allowing but Not Requesting Client Certificates

By default, when client certificate authentication is enabled, the server requests a client certificate from the client. However, in some scenarios, we may want to allow client certificates but not request them. To achieve this, we can modify the authentication middleware configuration.

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.Use(async (context, next) =>
    {
        var cert = context.Connection.ClientCertificate;
        if (cert != null)
        {
            // Certificate is present, perform additional validation if required
        }

        await next.Invoke();
    });

    // Other middleware and configuration
}

In the above code, we are adding a custom middleware component that runs before the authentication middleware. Inside this middleware, we check if a client certificate is present in the connection. If a certificate is present, we can perform additional validation or processing as needed.
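The following is an added example, not code from the original article. It shows one way to make the certificate optional at the TLS layer while validating any certificate that is presented more strictly than the All/NoCheck settings above. It assumes .NET 6 or later with minimal hosting, the Kestrel server, and the Microsoft.AspNetCore.Authentication.Certificate package; the thumbprint placeholder and the two endpoint paths are hypothetical.

```csharp
// Program.cs (added example; .NET 6+, Microsoft.AspNetCore.Authentication.Certificate)
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.AspNetCore.Server.Kestrel.Https;

var builder = WebApplication.CreateBuilder(args);

// TLS layer: the certificate is optional, so the handshake succeeds without one.
builder.WebHost.ConfigureKestrel(kestrel =>
    kestrel.ConfigureHttpsDefaults(https =>
        https.ClientCertificateMode = ClientCertificateMode.AllowCertificate));

// Placeholder allow-list (hypothetical value): thumbprints of certificates you issued.
var allowedThumbprints = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
{
    "<THUMBPRINT-OF-TRUSTED-CLIENT-CERT>"
};

builder.Services
    .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
    .AddCertificate(options =>
    {
        // Stricter than All/NoCheck: require a chain to a trusted root and
        // check revocation, so self-signed or revoked certificates fail.
        options.AllowedCertificateTypes = CertificateTypes.Chained;
        options.RevocationMode = X509RevocationMode.Online;
        options.Events = new CertificateAuthenticationEvents
        {
            // Runs only after the built-in chain validation has passed.
            OnCertificateValidated = context =>
            {
                if (!allowedThumbprints.Contains(context.ClientCertificate.Thumbprint))
                    context.Fail("Client certificate is not on the allow-list.");
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Reachable with or without a certificate.
app.MapGet("/", (HttpContext ctx) =>
    ctx.Connection.ClientCertificate is null ? "anonymous" : "certificate presented");
// Requires a certificate that passed the validation configured above.
app.MapGet("/secure", (HttpContext ctx) => ctx.User.Identity?.Name ?? "authenticated")
    .RequireAuthorization();
app.Run();
```

Requests without a certificate still reach the anonymous endpoint, while the protected endpoint only succeeds for a certificate that chains to a trusted root, is not revoked, and is on the allow-list.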


In this article, we have explored how to allow but not request client certificates in ASP.NET Core. By configuring the authentication middleware and adding custom middleware components, we can enable client certificate authentication and perform additional validation if required. This provides flexibility in handling client certificates in web applications.
