cert based authn

Directory.Packages.props

@@ -15,6 +15,7 @@
         <CommandLineParserVersion>2.9.1</CommandLineParserVersion>
         <StyleCopVersion>1.2.0-beta.556</StyleCopVersion>
         <SonarVersion>9.18.0.83559</SonarVersion>
+        <AspNetCoreCertificateAuthenticationVersion>8.0.1</AspNetCoreCertificateAuthenticationVersion>
     </PropertyGroup>
 
     <ItemGroup>
@@ -39,6 +40,9 @@
         <PackageVersion Include="coverlet.msbuild" Version="$(CoverletVersion)" />
         <PackageVersion Include="coverlet.collector" Version="$(CoverletVersion)" />
 
+        <!-- Samples -->
+        <PackageVersion Include="Microsoft.AspNetCore.Authentication.Certificate" Version="$(AspNetCoreCertificateAuthenticationVersion)" />
+
         <!-- Analyzers -->
         <PackageVersion Include="StyleCop.Analyzers" Version="$(StyleCopVersion)" />
         <PackageVersion Include="SonarAnalyzer.CSharp" Version="$(SonarVersion)" />

samples/AspNetCore/Backend/Backend.csproj

@@ -6,6 +6,10 @@
     <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
 
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate"/>
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\..\src\Spiffe\Spiffe.csproj" />
   </ItemGroup>

samples/AspNetCore/Backend/Program.cs

@@ -1,5 +1,7 @@
 using System.Net;
+using System.Security.Cryptography.X509Certificates;
 using Grpc.Net.Client;
+using Microsoft.AspNetCore.Authentication.Certificate;
 using Microsoft.AspNetCore.Server.Kestrel.Https;
 using Spiffe.Grpc;
 using Spiffe.Ssl;
@@ -29,12 +31,23 @@
     });
 });
 
+builder.Services.AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
+                .AddCertificate(opts =>
+                {
+                    opts.RevocationMode = X509RevocationMode.NoCheck;
+                    opts.ChainTrustValidationMode = X509ChainTrustMode.CustomRootTrust;
+                    var td = x509Source.GetX509Svid().Id.TrustDomain;
+                    opts.CustomTrustStore = x509Source.GetX509Bundle(td).X509Authorities;
+                });
+
 WebApplication app = builder.Build();
 app.Lifetime.ApplicationStopped.Register(close.Cancel);
 
 string backendCertificate = x509Source.GetX509Svid().Certificates[0].ToString(true);
 app.Logger.LogInformation("Backend certificate:\n {}", backendCertificate);
 
+app.UseAuthentication();
+
 app.MapGet("/", () => "Hello World!");
 
 app.Run();

samples/AspNetCore/Backend/packages.lock.json

@@ -2,6 +2,15 @@
   "version": 2,
   "dependencies": {
     "net8.0": {
+      "Microsoft.AspNetCore.Authentication.Certificate": {
+        "type": "Direct",
+        "requested": "[8.0.1, )",
+        "resolved": "8.0.1",
+        "contentHash": "03bDhgYZO7BVKAl0SSEujChl4bQC/Q15/OYSG5qUhBAXuAHKplt5K0q7n1SxIGeKAZUqmgxHwhG8V2XRh/6tfQ==",
+        "dependencies": {
+          "Microsoft.Extensions.Caching.Memory": "8.0.0"
+        }
+      },
       "SonarAnalyzer.CSharp": {
         "type": "Direct",
         "requested": "[9.18.0.83559, )",
@@ -30,10 +39,52 @@
           "Grpc.Core.Api": "2.60.0"
         }
       },
+      "Microsoft.Extensions.Caching.Abstractions": {
+        "type": "Transitive",
+        "resolved": "8.0.0",
+        "contentHash": "3KuSxeHoNYdxVYfg2IRZCThcrlJ1XJqIXkAWikCsbm5C/bCjv7G0WoKDyuR98Q+T607QT2Zl5GsbGRkENcV2yQ==",
+        "dependencies": {
+          "Microsoft.Extensions.Primitives": "8.0.0"
+        }
+      },
+      "Microsoft.Extensions.Caching.Memory": {
+        "type": "Transitive",
+        "resolved": "8.0.0",
+        "contentHash": "7pqivmrZDzo1ADPkRwjy+8jtRKWRCPag9qPI+p7sgu7Q4QreWhcvbiWXsbhP+yY8XSiDvZpu2/LWdBv7PnmOpQ==",
+        "dependencies": {
+          "Microsoft.Extensions.Caching.Abstractions": "8.0.0",
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "8.0.0",
+          "Microsoft.Extensions.Logging.Abstractions": "8.0.0",
+          "Microsoft.Extensions.Options": "8.0.0",
+          "Microsoft.Extensions.Primitives": "8.0.0"
+        }
+      },
+      "Microsoft.Extensions.DependencyInjection.Abstractions": {
+        "type": "Transitive",
+        "resolved": "8.0.0",
+        "contentHash": "cjWrLkJXK0rs4zofsK4bSdg+jhDLTaxrkXu4gS6Y7MAlCvRyNNgwY/lJi5RDlQOnSZweHqoyvgvbdvQsRIW+hg=="
+      },
       "Microsoft.Extensions.Logging.Abstractions": {
         "type": "Transitive",
-        "resolved": "6.0.0",
-        "contentHash": "/HggWBbTwy8TgebGSX5DBZ24ndhzi93sHUBDvP1IxbZD7FDokYzdAr6+vbWGjw2XAfR2EJ1sfKUotpjHnFWPxA=="
+        "resolved": "8.0.0",
+        "contentHash": "arDBqTgFCyS0EvRV7O3MZturChstm50OJ0y9bDJvAcmEPJm0FFpFyjU/JLYyStNGGey081DvnQYlncNX5SJJGA==",
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "8.0.0"
+        }
+      },
+      "Microsoft.Extensions.Options": {
+        "type": "Transitive",
+        "resolved": "8.0.0",
+        "contentHash": "JOVOfqpnqlVLUzINQ2fox8evY2SKLYJ3BV8QDe/Jyp21u1T7r45x/R/5QdteURMR5r01GxeJSBBUOCOyaNXA3g==",
+        "dependencies": {
+          "Microsoft.Extensions.DependencyInjection.Abstractions": "8.0.0",
+          "Microsoft.Extensions.Primitives": "8.0.0"
+        }
+      },
+      "Microsoft.Extensions.Primitives": {
+        "type": "Transitive",
+        "resolved": "8.0.0",
+        "contentHash": "bXJEZrW9ny8vjMF1JV253WeLhpEVzFo1lyaZu1vQ4ZxWUlVvknZ/+ftFgVheLubb4eZPSwwxBeqS1JkCOjxd8g=="
       },
       "StyleCop.Analyzers.Unstable": {
         "type": "Transitive",