ASP.NET and client certificates

Ask a Question related to ASP.NET Security, Design and Development.

  1. Craig Humphrey #1

    Default ASP.NET and client certificates

    Hi People,

    I know in IIS Admin you can tick the box to request a client certificate
    (over an SSL connection), but does anyone know of a way, programmatically,
    to force this to happen for a particular page for a particular user?

    Basically I've got a site that uses a common code base to run, however we
    want to offer differing levels of security, primarily, with and without the
    use of client certs, but I haven't found an easy way to do this
    programmatically...

    The hard way, that I've thought of is:

    if a cert is required (in the DB) for the current user
    if a cert has been presented by the browser
    validate it
    else
    return an HTTP 401 and WWW-Authenticate : client cert
    fi
    fi

    But I'd rather not be doing this.
    The user is already authenticated using Forms authentication over an HTTPS
    connection.

    Any other ideas?

    Later'ish
    Craig




    Craig Humphrey Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Using SSL Client Certificates
      I am using HTTPS with Apache and ColdFusion MX7. The Apache server is set up to require client certificates from a specific CA. I need to find out...
    2. Client Certificates
      Hi all. I'm implementing a Web Service and a Client that comunicate with SSL. The Client has a certificate that load with:...
    3. 403 Error Web App to Web App with Client Certificates
      Hi, I'm trying to write a ASP.NET application that calls another ASP.NET application using the HttpWebRequest class. I need to secure the...
    4. Client Side Certificates for Web Services?
      Part 1: I have a simple web service. I would like to protect the web application by only allowing callers that have a client-side certificate...
    5. Using client certificates in ASP
      Hi there, I have an ASP page, which have to connect to an SSL server that requires a client certificate, but I get the following error: ...
  2. [MSFT] #2

    Default RE: ASP.NET and client certificates

    Hi Craig,

    You may consider following solution:

    1. You have a web diretory "PA" which reqiure client certificate.
    2. After form authentication, when you find the user need client
    certificate, you can redirect him to an ASPX page in "PA"
    3. In the ASPX page, you can check the HttpClientCertificate from request
    object, and redirect it back.

    Does this help?

    Luke
    Microsoft Online Support

    Get Secure! [url]www.microsoft.com/security[/url]
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    [MSFT] Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139