Docs / Plan for Client cert handling

[samsp-msft]

If the proxy is handling the client cert how does it pass it to the back end server?
Can the proxy do cert auth with the backend so that the backend can trust connections are coming from the proxy

[Tratcher]

If the proxy is handling the client cert how does it pass it to the back end server?

See https://github.com/microsoft/reverse-proxy/blob/main/src/ReverseProxy/Service/RuntimeModel/Transforms/RequestHeaderClientCertTransform.cs

Can the proxy do cert auth with the backend so that the backend can trust connections are coming from the proxy

See https://microsoft.github.io/reverse-proxy/articles/proxyhttpclientconfig.html#httpclient, though there's a proposal to remove this from the config and only support it via the extensible factory:
#352 (comment)

[Tratcher]

#999
#1031

[alnikola]

It seems #999 is moved into "Backlog" and #1031 is completed.
@samsp-msft @Tratcher Can we now close this issue as completed?

[Tratcher]

The 3rd question here is if https://microsoft.github.io/reverse-proxy/articles/transforms.html#clientcert is adequate documentation for flowing an external client certificate?

[samsp-msft]

No, I don't think its adequate docs... yet. I think there needs to be a bit more preamble. I'll create a PR.

[samsp-msft]

Triage: Also need to clarify how client certs should be validated.

[karelz]

Triage: The docs are likely in ASP.NET already - find them and link them.