question

PiyushMeshram-2335 avatar image
0 Votes"
PiyushMeshram-2335 asked lextm commented

How to verify request signing with IIS

IIS Hosted .Net WebAPI is using Mutual TLS (MTLS). I need to verify the request signing process.

WebAPI is used to exchange message between two systems secured with oAuth (Bearer token authentication) and MTLS.


Suppose IIS hosted url looks like this: www.webapi.com/api/v1/sendmessage
Client has a valid client certificate for MTLS.

Client Sends request payload: (XML or JSON payload)
Client Receives response: (XML or JSON)


  1. How to verify request payload signing? is it a code level and I have trace/log it in file or something? or we can configure it in IIS?

  2. If using request signing, can we also do response signing?

  3. The purpose of signing is to exchange untampered message between two systems, so I guess Certificate Verification process in MTLS handles it automatically, am I correct?

  4. How to verify and confirm the request is signed and using MTLS.

windows-server-iis-generalwindows-server-iis-configurationwindows-server-iis-troubleshootingwindows-server-iis-security
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MTLS conversations happen in network layer, so your C# code in application layer has no chance to know the details.

0 Votes 0 ·

0 Answers