Client Certificate Selection

I have what I hope to be a simple question. I'm currently working on a project that uses IIS to request a Client Cert (X509) from a CAC/Smartcard. However, we want to get away from IIS mandating this requirement and have ASP.NET (C#) request this cert from the client. Is there any way in .NET to force the Client Cert request dialog as IIS would do it? Or even automatically select a client cert from the supplied certs? (The CAC/Smartcards house 2 or more certs.)

TIA

I don't think so as the SSL negotiation is all done by IIS long before the ASP.NET code ever executes. What would it get you by having ASP.NET do this instead of IIS?

I suppose you could implement your own web server using SslStream as a starting point to get total control over what is going on, but that sounds like an awful lot of work to do.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<CynicalIr***@gmail.com> wrote in message news:1171317600.999709.40050@p10g2000cwp.googlegroups.com...
> I have what I hope to be a simple question. I'm currently working on a
> project that uses IIS to request a Client Cert (X509) from a CAC/
> Smartcard. However, we want to get away from IIS mandating this
> requirement and have ASP.NET (C#) request this cert from the client.
> Is there any way in .NET to force the Client Cert request dialog as IIS
> would do it? Or even automatically select a client cert from the
> supplied certs? (The CAC/Smartcards house 2 or more certs.)
>
> TIA
>

Thanks for the reply Joe. The reason I was looking for this type of solution was we have to house both Form and Certificate login. We were hoping to push it all through one application/website, but from what you're saying it would not be feasible.

I was hoping that wasn't the case, but it can't hurt to ask right?

Randy

I think you really want separate apps. :)

You could have them in separate virtual directories so you don't need totally separate web sites, but I think the effort to try to make them work combined would not be worth it.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<CynicalIr***@gmail.com> wrote in message news:1171374128.602445.139580@k78g2000cwa.googlegroups.com...
> Thanks for the reply Joe. The reason I was looking for this type of
> solution was we have to house both Form and Certificate login. We were
> hoping to push it all through one application/website, but from what
> you're saying it would not be feasible.
>
> I was hoping that wasn't the case, but it can't hurt to ask right?
>
> Randy
>
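
Added example, not part of the original thread: one way to lay out the separate virtual directories suggested above, so that IIS requests a client certificate only on the certificate-login path. It assumes IIS 7 or later (the sslFlags attribute of the access section); the site name and the directory names are hypothetical.

```xml
<!-- applicationHost.config fragment. "Default Web Site", "portal/forms" and
     "portal/cert" are hypothetical names chosen for this example. -->
<configuration>

  <!-- Forms login: HTTPS is required, but IIS does not ask the browser for a
       client certificate, so users never see the certificate dialog here. -->
  <location path="Default Web Site/portal/forms">
    <system.webServer>
      <security>
        <access sslFlags="Ssl" />
      </security>
    </system.webServer>
  </location>

  <!-- Certificate login: IIS requests a client certificate during the SSL
       negotiation and rejects the request if none is presented. This happens
       before any ASP.NET code in the directory runs. -->
  <location path="Default Web Site/portal/cert">
    <system.webServer>
      <security>
        <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      </security>
    </system.webServer>
  </location>

</configuration>
```

ASP.NET code under the certificate directory can then read the certificate IIS negotiated through Request.ClientCertificate. The access section is locked at server level by default, which is why the fragment is shown in applicationHost.config rather than in a web.config file.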