How to call an Api with client credential authentication from blazor server-side

[florianwachs]

Hi there, thanks for aspnetcore and your time.

I'm struggeling with Blazor Server-side and client certificate authentication.
Basically, it's created from the blazor server-side template and I added an ApiController that is protected by client-certificate auth.
I followed the documentation and when I call my blazor app, I get the browser dialog to choose from several Certificates. When I select one, blazor recognizes that and returns me the information that I´m signed in (ClaimsCredential ist authenticated and the authentication type is "Certificate".
Now my problem / question:

How can I call the protected ApiController from Blazor-serverside with an HttpClient that has the correct client-certificate set? Is that at all possible?

I know that when I´m using Blasor WASM, because it uses fetch in the end, the client certificate auth "just works".

Is there a way to call the protected api from blazor-serverside?

Thanks a lot!

[SteveSandersonMS]

As far as I know, you won't be able to make the call directly from the server, because the server doesn't have access to the private part of the client certificate, nor can it get access to that (the client isn't supposed to disclose that information to the server).

However if you wanted, you could use JS interop to make a call to your own JS code in the browser, and have code there that makes the HTTP request. We don't have a built-in simple mechanism for doing that, since Blazor WebAssembly's implementation is baked into the .NET webassembly runtime and hence can't be used on Blazor Server. So you would have to implement this mechanism yourself.

CC @javiercn for any further suggestions.

[florianwachs]

Thank you very much! That helps me, will try that.