How to stop HttpClient/browser from requesting Client Certificate in Blazor Wasm


When calling an API on our APIM from Blazor WASM using an HTTP client, the user is asked to select a client certificate. We don't need this extra authentication method since this method is secured by a JWT token.

On our APIM we have enabled the option "Negotiate client certificate" to enable some clients which can only authenticate with client certificates. Since this is enabled on the domain level it is not possible to disable this option.

Is there any way to disable the (browser) behavior through the HttpClient configuration, so the user is no longer asked to select a client certificate?

Reproduction code:

@code {
    protected override async Task OnInitializedAsync()
    {
        HttpClient x = new HttpClient();
        await x.GetAsync("https://api.domain.tld/method/");
    }
}

I tried to set the ClientCertificateOptions to ClientCertificateOption.Manual. I tried to set the LocalCertificateSelectionCallback, but that does need an actual certificate.

I can reproduce my problem when using the js fetch api like this:

fetch("https://api.domain.tld/method/", {
  method: "GET",
  headers: {
      "Ocp-Apim-Subscription-Key": "the-actual-key-here",
      "Authorization" : "Bearer ey...Pw",
      // Host and Origin are forbidden header names in fetch; the browser sets them itself
      "Host": "api.domain.tld",
      "Origin": "https://someorigin"
  }
})

But I have no clue how to stop the browser from requesting the client certificate.

Vitaliy Kurokhtin

You could solve this from the APIM side by setting up a second custom domain name specifically for browser clients and not enabling the negotiate option on it.
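
The two-hostname layout suggested in the answer above, written out as an added Bicep example (not part of the original answer or the asker's deployment). The hostname `browser-api.domain.tld`, the parameter names, the Key Vault secret IDs, the SKU and the API version are assumptions for illustration; only `api.domain.tld` comes from the question.

```bicep
// Added example: one gateway hostname keeps client-certificate negotiation
// for certificate-only clients, a second one for browsers does not request it.
param apimName string
param location string = resourceGroup().location
param publisherEmail string
param publisherName string

// Assumption: TLS certificates for both hostnames are stored as Key Vault secrets.
param certClientsKeyVaultSecretId string
param browserKeyVaultSecretId string

resource apim 'Microsoft.ApiManagement/service@2022-08-01' = {
  name: apimName
  location: location
  sku: {
    name: 'Developer' // assumption; custom domains need a tier that supports them
    capacity: 1
  }
  identity: {
    type: 'SystemAssigned' // used to read the certificates from Key Vault
  }
  properties: {
    publisherEmail: publisherEmail
    publisherName: publisherName
    hostnameConfigurations: [
      {
        // Existing hostname: clients that can only authenticate with a certificate.
        type: 'Proxy'
        hostName: 'api.domain.tld'
        keyVaultId: certClientsKeyVaultSecretId
        negotiateClientCertificate: true
      }
      {
        // Hypothetical second hostname for Blazor WASM / browser callers.
        // No certificate is requested during the TLS handshake, so the browser
        // never shows the certificate picker; the JWT remains the credential.
        type: 'Proxy'
        hostName: 'browser-api.domain.tld'
        keyVaultId: browserKeyVaultSecretId
        negotiateClientCertificate: false
      }
    ]
  }
}
```

The Blazor app then points its HttpClient base address at the browser hostname, and the JWT validation on the API stays in place since that hostname no longer involves a certificate at all.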