Your code is running on the server
. You are displaying a prompt on the server
, where nobody will ever see it, to select a certificate from the server's local certificate store
It might appear
to work when you debug it in IIS Express. But that's only because, in that specific case, the server and client are the same machine.
When you deploy to IIS, in the best case scenario your code will fail with an exception telling you that you cannot display UI from a non-interactive session. In the worst case, the UI will pop up on the server, and your code will hang waiting for an administrator to log in to your server and acknowledge the hundreds of "select a cert" requests you've flooded the system with.
You can configure your site to use client certificate authentication