< Summary - Kestrun — Combined Coverage

Information
Class: Public.Authentication.Add-KrClientCertificateAuthentication
Assembly: Kestrun.PowerShell.Public
File(s): /home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Authentication/Add-KrClientCertificateAuthentication.ps1
Tag: Kestrun/Kestrun@ca54e35c77799b76774b3805b6f075cdbc0c5fbe
Line coverage
0%
Covered lines: 0
Uncovered lines: 21
Coverable lines: 21
Total lines: 140
Line coverage: 0%
Branch coverage
N/A
Covered branches: 0
Total branches: 0
Branch coverage: N/A
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100 01/21/2026 - 17:07:46 Line coverage: 0% (0/21) Total lines: 140 Tag: Kestrun/Kestrun@3f6f61710c7ef7d5953cab578fe699c1e5e01a36

Metrics

Method
Add-KrClientCertificateAuthentication()

File(s)

/home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Authentication/Add-KrClientCertificateAuthentication.ps1

#LineLine coverage
 1<#
 2    .SYNOPSIS
 3        Adds Client Certificate authentication to the Kestrun server.
 4    .DESCRIPTION
 5        Configures the Kestrun server to use client certificate authentication for incoming requests.
 6        This allows the server to authenticate users based on their X.509 client certificates.
 7    .PARAMETER Server
 8        The Kestrun server instance to configure.
 9        If not specified, the current server instance is used.
 10    .PARAMETER AuthenticationScheme
 11        The name of the client certificate authentication scheme (default is 'Certificate').
 12    .PARAMETER DisplayName
 13        The display name for the authentication scheme.
 14    .PARAMETER Description
 15        A description of the client certificate authentication scheme.
 16    .PARAMETER Deprecated
 17        If specified, marks the authentication scheme as deprecated in OpenAPI documentation.
 18    .PARAMETER DocId
 19        The documentation IDs to associate with this authentication scheme.
 20    .PARAMETER Options
 21        The Client Certificate authentication options to configure.
 22        If not specified, default options are used.
 23    .PARAMETER AllowedCertificateTypes
 24        Specifies which certificate types are allowed (Chained, SelfSigned, or All).
 25    .PARAMETER ValidateCertificateUse
 26        If specified, validates that the certificate is valid for client authentication.
 27    .PARAMETER ValidateValidityPeriod
 28        If specified, validates that the certificate is within its validity period.
 29    .PARAMETER RevocationMode
 30        The revocation mode to use when validating certificates (NoCheck, Online, Offline).
 31    .PARAMETER Logger
 32        A logger to use for logging authentication events.
 33    .PARAMETER PassThru
 34        If specified, returns the modified server instance after adding the authentication.
 35    .EXAMPLE
 36        Add-KrClientCertificateAuthentication -Server $server -PassThru
 37        This example adds client certificate authentication to the specified Kestrun server instance and returns the mod
 38    .EXAMPLE
 39        Add-KrClientCertificateAuthentication -Server $server -AllowedCertificateTypes Chained -ValidateCertificateUse -
 40        This example adds client certificate authentication with strict validation to the Kestrun server.
 41    .LINK
 42        https://learn.microsoft.com/en-us/aspnet/core/security/authentication/certauth
 43    .NOTES
 44        This cmdlet is used to configure client certificate authentication for the Kestrun server,
 45        allowing you to secure your APIs with X.509 certificates.
 46        Maps to Kestrun.Hosting.KestrunHostAuthnExtensions.AddClientCertificateAuthentication
 47#>
 48function Add-KrClientCertificateAuthentication {
 49    [KestrunRuntimeApi('Definition')]
 50    [CmdletBinding(defaultParameterSetName = 'v1')]
 51    [OutputType([Kestrun.Hosting.KestrunHost])]
 52    param(
 53        [Parameter(Mandatory = $false, ValueFromPipeline)]
 54        [Kestrun.Hosting.KestrunHost]$Server,
 55
 56        [Parameter()]
 57        [string]$AuthenticationScheme = [Kestrun.Authentication.AuthenticationDefaults]::CertificateSchemeName,
 58
 59        [Parameter()]
 60        [string]$DisplayName = [Kestrun.Authentication.AuthenticationDefaults]::CertificateDisplayName,
 61
 62        [Parameter()]
 63        [string[]]$DocId = [Kestrun.OpenApi.OpenApiDocDescriptor]::DefaultDocumentationIds,
 64
 65        [Parameter()]
 66        [string]$Description,
 67
 68        [Parameter()]
 69        [switch]$Deprecated,
 70
 71        [Parameter(Mandatory = $true, ParameterSetName = 'Options')]
 72        [Kestrun.Authentication.ClientCertificateAuthenticationOptions]$Options,
 73
 74        [Parameter(ParameterSetName = 'v1')]
 75        [Microsoft.AspNetCore.Authentication.Certificate.CertificateTypes]$AllowedCertificateTypes,
 76
 77        [Parameter(ParameterSetName = 'v1')]
 78        [switch]$ValidateCertificateUse,
 79
 80        [Parameter(ParameterSetName = 'v1')]
 81        [switch]$ValidateValidityPeriod,
 82
 83        [Parameter(ParameterSetName = 'v1')]
 84        [System.Security.Cryptography.X509Certificates.X509RevocationMode]$RevocationMode,
 85
 86        [Parameter(ParameterSetName = 'v1')]
 87        [Serilog.ILogger]$Logger,
 88
 89        [Parameter()]
 90        [switch]$PassThru
 91    )
 92    process {
 093        if ($PSCmdlet.ParameterSetName -ne 'Options') {
 094            $Options = [Kestrun.Authentication.ClientCertificateAuthenticationOptions]::new()
 95
 96            # Configure certificate validation options
 097            if ($PSBoundParameters.ContainsKey('AllowedCertificateTypes')) {
 098                $Options.AllowedCertificateTypes = $AllowedCertificateTypes
 99            }
 0100            if ($ValidateCertificateUse.IsPresent) {
 0101                $Options.ValidateCertificateUse = $true
 102            }
 0103            if ($ValidateValidityPeriod.IsPresent) {
 0104                $Options.ValidateValidityPeriod = $true
 105            }
 0106            if ($PSBoundParameters.ContainsKey('RevocationMode')) {
 0107                $Options.RevocationMode = $RevocationMode
 108            }
 109
 110            # Configure description and deprecated flag
 0111            if (-not [string]::IsNullOrWhiteSpace($Description)) {
 0112                $Options.Description = $Description
 113            }
 0114            $Options.Deprecated = $Deprecated.IsPresent
 115
 116            # Configure logger
 0117            if ($null -ne $Logger) {
 0118                $Options.Logger = $Logger
 119            }
 120
 121            # Set OpenApi documentation IDs
 0122            $Options.DocumentationId = $DocId
 123        }
 124
 125        # Ensure the server instance is resolved
 0126        $Server = Resolve-KestrunServer -Server $Server
 127
 0128        [Kestrun.Hosting.KestrunHostAuthnExtensions]::AddClientCertificateAuthentication(
 129            $Server,
 130            $AuthenticationScheme,
 131            $DisplayName,
 132            $Options
 0133        ) | Out-Null
 134
 0135        if ($PassThru.IsPresent) {
 136            # if the PassThru switch is specified, return the modified server instance
 0137            return $Server
 138        }
 139    }
 140}
Generated by: ReportGenerator 5.5.1.0
02/03/2026 - 18:01:45
GitHub | reportgenerator.io

Methods/Properties

Add-KrClientCertificateAuthentication()