Issue
Dear Stack Overflow users,
I've linked an Azure Key Vault self-signed certificate to my Azure web application, enabled minimal TLS v1.0 and set client certificate mode to Required to force SSL/TLS.
If I install the Key Vault pfx certificate on my Windows machine and navigate to my URL (i.e. https://mywebapp.azurewebsites.net), my browser prompts me to use my certificate; otherwise I get a 403 Forbidden error, and that's fine.
When I load this pfx in my Xamarin Android app, I always get a 403 Forbidden error.
Here is my code:
    using (HttpClientHandler handler = new HttpClientHandler() {
        SslProtocols = System.Security.Authentication.SslProtocols.Tls12,
        AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip,
        ClientCertificateOptions = ClientCertificateOption.Manual
    })
    {
        // Add SSL certificate
        X509Certificate2 _privateCert = GetPrivateAPICertificate(); // get a self-signed pfx stored locally in the android filesystem
        if (_privateCert != null)
        {
            handler.ClientCertificates.Add(_privateCert);
            handler.CheckCertificateRevocationList = false;
            // This callback accepts any server certificate (server validation is effectively off)
            handler.ServerCertificateCustomValidationCallback =
                (httpRequestMessage, cert, certChain, policyErrors) =>
                {
                    return true; // <- when debugging return 2 Microsoft Azure certificate with subject *.azurewebsites.net but not the one I've added to my WebApp "TLS/SSL settings" blade.
                };
        }
        using (HttpClient httpClient = new HttpClient(handler))
        {
            using (var request = new HttpRequestMessage { RequestUri = new Uri(url), Method = method })
            {
                response = await httpClient.SendAsync(request).ConfigureAwait(false);
                responseAsString = await response.Content.ReadAsStringAsync();
                response.EnsureSuccessStatusCode(); // <- Throw exception: "Response status code does not indicate success: 403 (Forbidden)."
            }
        }
    }
What am I doing wrong?
Edit: added GetPrivateAPICertificate function
    private X509Certificate2 GetPrivateAPICertificate()
    {
        // Read the pfx embedded as a manifest resource of the core assembly
        var assembly = IntrospectionExtensions.GetTypeInfo(typeof(MyCoreAssembly)).Assembly;
        X509Certificate2 cert = new X509Certificate2();
        using (StreamReader sr = new StreamReader(assembly.GetManifestResourceStream("MyCoreAssembly.mycert.pfx")))
        {
            using (MemoryStream ms = new MemoryStream())
            {
                // Copy the raw bytes and build the certificate from them (no password supplied)
                sr.BaseStream.CopyTo(ms);
                cert = new X509Certificate2(ms.ToArray());
            }
        }
        return cert;
    }
UPDATE
I've made some tests with Postman, and if I add my pfx certificate in the settings of Postman I can access the Azure API. This is not a certificate configuration problem in Azure.
I don't understand why the certificate is not sent from Xamarin in my HttpRequest!
UPDATE 2
I've also put the same exact code in an ASP.NET console application and it works. I think I have to add something to my HTTP call in Xamarin...
Solution
I've finally found a way to achieve this. The following post has the point: Xamarin Android - Call API using HttpClient with Certificate
By using HttpWebRequest instead of HttpClient I'm able to send my request with a certificate.
This is a regression since HttpWebRequest is less intuitive than the new HttpClient implementation, but that's the only solution I've found so far...
Answered By - SuperPoney
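
The workaround described in the answer, sketched as an added example (it is not the answerer's code, nor code from the linked post). The class and method names, the resource name argument and the PFX password parameter are assumptions; server certificate validation is left at its default rather than overridden.

```csharp
using System;
using System.IO;
using System.Net;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public static class ClientCertCall // hypothetical helper class
{
    // Loads a PFX embedded as a manifest resource (resourceName and password are assumptions).
    public static X509Certificate2 LoadPfx(Assembly assembly, string resourceName, string password)
    {
        using (Stream s = assembly.GetManifestResourceStream(resourceName))
        {
            if (s == null)
                throw new FileNotFoundException("Embedded PFX not found", resourceName);
            using (var ms = new MemoryStream())
            {
                s.CopyTo(ms);
                var cert = new X509Certificate2(ms.ToArray(), password);
                // TLS client authentication needs the private key, not just the public certificate.
                if (!cert.HasPrivateKey)
                    throw new InvalidOperationException("PFX contains no private key");
                return cert;
            }
        }
    }

    // Sends a GET with the client certificate attached through HttpWebRequest.
    public static async Task<string> GetAsync(Uri uri, X509Certificate2 clientCert)
    {
        HttpWebRequest request = WebRequest.CreateHttp(uri);
        request.Method = "GET";
        request.AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;
        request.ClientCertificates.Add(clientCert);
        // No server validation callback is installed: the platform's default chain check stays on.
        try
        {
            using (var response = (HttpWebResponse)await request.GetResponseAsync().ConfigureAwait(false))
            using (var reader = new StreamReader(response.GetResponseStream()))
                return await reader.ReadToEndAsync().ConfigureAwait(false);
        }
        catch (WebException ex) when (ex.Response is HttpWebResponse r && r.StatusCode == HttpStatusCode.Forbidden)
        {
            throw new UnauthorizedAccessException("403: the server did not accept a client certificate", ex);
        }
    }
}
```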