Is there a contradiction between the two descriptions?

[Varorbc]

Description

• Is there a contradiction between the two descriptions?

AspNetCore.Docs/aspnetcore/security/authentication/certauth.md

Line 14 in 6ebc89a

`Microsoft.AspNetCore.Authentication.Certificate` contains an implementation similar to [Certificate Authentication](https://tools.ietf.org/html/rfc5246#section-7.4.4) for ASP.NET Core. Certificate authentication happens at the TLS level, long before it ever gets to ASP.NET Core. More accurately, this is an authentication handler that validates the certificate and then gives you an event where you can resolve that certificate to a `ClaimsPrincipal`.

AspNetCore.Docs/aspnetcore/security/authentication/certauth.md

Lines 67 to 69 in 6ebc89a

	If the handler's <xref:Microsoft.AspNetCore.Authentication.Certificate.CertificateAuthenticationOptions.ChainTrustValidationMode> property is set to `X509ChainTrustMode.CustomRootTrust`, this <xref:System.Security.Cryptography.X509Certificates.X509Certificate2Collection> contains every certificate which will be used to validate the client certificate up to a trusted root, including the trusted root.
	When the client presents a certificate which is part of a multi-level certificate chain, `CustomTrustStore` must contain every issuing certificate in the chain.

• This article does not give the impression of being ready to use out of the box, and some descriptions or examples are not very accurate. I hope this article can be reviewed again.

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-8.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authentication/certauth.md

Document ID

d2db534b-198a-dc99-5b5a-0525582d39ac

Article author

@blowdart