My client application calls an Azure App Service with HttpClient Something like this:
HttpClientHandler handler = new HttpClientHandler();
if (I detect a certificate is needed)
{
httpClientHandler.ClientCertificates.Add(cert);
httpClientHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
}
var client = new HttpClient(handler);
var result = await client.GetAsync("http://www.contoso.com/");
I only want to add the client certificate if I can detect the page needs it. For instance, if you paste a URL into a browser that needs client certificates, the browser offers a selection of certificates the user can choose. I have a certificate list in my app too, but only want to show it if the server needs it.
I can call the server and get back a 403, then provide my list. However, it could be a 403 for other authentication reasons, so that would be misleading.
I guess I'm asking - "How to browsers detect a URL requires a client certificate"
Thanks