GetClientCertificate（）在验证客户端验证时返回null

Question

我正在尝试设置客户端证书以使用WebApi。

在WebApi中，我有一个AuthorizationFilterAttribute

public override void OnAuthorization(HttpActionContext actionContext)
{
    certificate = actionContext.Request.GetClientCertificate();
    if (certificate == null)
    {
       throw new ValidationException(1701, StatusTexts.AccessDenied1701);
    }

    ValidateCertififcate();

    base.OnAuthorization(actionContext);
}

我调用api的代码是

X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);

var certifcates = store.Certificates.Find(X509FindType.FindBySerialNumber, "344da140810b30854f01a96c2035e05d", false);

var cert = certifcates[0];

HttpWebRequest Request = (HttpWebRequest)WebRequest.Create(url);
Request.ClientCertificates.Add(cert);
Request.Method = "GET";
Request.ServerCertificateValidationCallback +=
            delegate (object sender, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
            {
                return true; // **** Always accept
            };
HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();

我正在使用IISExpress并且我已经改变了我的..vs \ config \ applicationhost.config来拥有这些行

<iisClientCertificateMappingAuthentication enabled="true">
            </iisClientCertificateMappingAuthentication>

我在这两个选项之间切换

  <access sslFlags="SslNegotiateCert" />

和

<access sslFlags="Ssl" />

一个返回null GetClientCertificate（），另一个返回'请求已中止：无法创建SSL / TLS安全通道。'

我使用此命令创建客户端证书

New-SelfSignedCertificate -Type Custom -Subject "CN=Jepsen,OU=UserAccounts,DC=corp,DC=contoso,DC=com" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.17={text}upn=jepsen@contoso.com") -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\LocalMachine\My"

并将证书复制到受信任的根证书颁发机构

（仍然怀疑这是出错的地方？）

我读过这个（很多次）并尝试了reg编辑而没有运气 How to use a client certificate to authenticate and authorize in a Web API

还读这个 IISExpress ClientCertificate Setup Steps

我尝试使用Fiddler和Postman，没有运气。