Possibility to add client cert in HttpClient created with HttpClientFactory

[Revsgaard]

It would be nice to have the possibility to add the certificate for the TLS connection in the HttpClientFactory. In the version I am using I was getting an error (no client cert in the request) and I had to add an HttpClient empty with a handler in the Startup.cs to override the HttpClientFactory configuration.

[Ghostbird]

This is already supported by the httpClientName parameter of ResolveAsync.

As far as I can see the examples don't demonstrate the use of a named HttpClient.

The standard way to register an HttpClient for mutual TLS is to do it like this:

services
.AddHttpClient("saml")
.ConfigurePrimaryHttpMessageHandler((servicesProvider) =>
{
  var handler = new HttpClientHandler();
  handler.ClientCertificates.AddRange(certificates);
  return handler;
});

Then you can pass the client name saml as httpClientName to ResolveAsync and it works. But maybe that's what you meant? Do you consider this to be a strange override of the configuration? As far as I know this is the normal and proper way you configure the http client factory. Note that you're not adding an "empty" as you call it. You're specifically registering an http client configuration for use with mutual TLS.

Consider this part of the documentation:

The default IHttpClientFactory implementation may cache the underlying HttpMessageHandler instances to improve performance.

Callers are also free to mutate the returned HttpClient instance's public properties as desired.