In my current project, we have to integrate with a third-party API. One of the security requirements is to use mTLS, which means we have to present a client certificate when sending HTTP requests to the third party. Since we're using a named HttpClient, we can specify the client certificate when registering the HttpClient in Startup.cs:
    X509Certificate2 clientCertificate = ....; // retrieve client certificate

    services
        .AddHttpClient("SampleThirdPartyApiClient", client => {
            // BaseAddress and other configurations go here
        })
        .ConfigurePrimaryHttpMessageHandler(() =>
        {
            var httpMessageHandler = new HttpClientHandler
            {
                // Manual: the application supplies the client certificates itself
                ClientCertificateOptions = ClientCertificateOption.Manual
            };
            // Certificate presented to the third party during the TLS handshake
            httpMessageHandler.ClientCertificates.Add(clientCertificate);
            return httpMessageHandler;
        });
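
A startup check for the certificate before it is handed to the handler, as an added example that is not part of the original post. The class and method names (`ClientCertificateChecks`, `EnsureUsableForMtls`) are hypothetical; the check fails fast when the certificate lacks a private key, is outside its validity period, or carries an EKU extension that does not permit client authentication.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not from the original post.
public static class ClientCertificateChecks
{
    // OID of the "TLS Web Client Authentication" extended key usage.
    private const string ClientAuthEku = "1.3.6.1.5.5.7.3.2";

    // Returns the certificate unchanged if it can be used for mTLS, otherwise throws.
    // Intended use in the registration above:
    //   httpMessageHandler.ClientCertificates.Add(
    //       ClientCertificateChecks.EnsureUsableForMtls(clientCertificate, DateTime.UtcNow));
    public static X509Certificate2 EnsureUsableForMtls(X509Certificate2 certificate, DateTime utcNow)
    {
        if (certificate is null)
            throw new ArgumentNullException(nameof(certificate));

        // Without the private key the client cannot prove possession of the certificate.
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException("Client certificate has no private key.");

        // NotBefore/NotAfter are reported in local time; compare in UTC.
        if (utcNow < certificate.NotBefore.ToUniversalTime() ||
            utcNow > certificate.NotAfter.ToUniversalTime())
            throw new InvalidOperationException(
                $"Client certificate {certificate.Thumbprint} is outside its validity period.");

        // A certificate with no EKU extension is not restricted by usage;
        // if the extension is present it must list client authentication.
        var ekus = certificate.Extensions.OfType<X509EnhancedKeyUsageExtension>().ToList();
        bool clientAuthAllowed = ekus.Count == 0 || ekus.Any(e =>
            e.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthEku));
        if (!clientAuthAllowed)
            throw new InvalidOperationException(
                "Client certificate EKU does not include client authentication.");

        return certificate;
    }
}
```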