RE: HttpClientCertificate IsValid method

From: Grant Holdom (grant@forgetspam.co.nz)
Date: 08/23/02


From: "Grant Holdom" <grant@forgetspam.co.nz>
Date: Thu, 22 Aug 2002 15:30:40 -0700


Thanks for your reply Patrick.

So this would be a safe and secure way of authenticating
users with client certificates?

Would this eliminate the use of phony certificates?

Is this the recommended way?

Forgive my security paranoia, but I want to be sure that
if I authenticate users in this way that the solution is
as secure as possible.

Thanks in advance,
Grant.

>-----Original Message-----
>Grant,
>
>You can assume that if IsValid is True and you have validated your data
>against the SerialNumber and/or name that the certificate is valid.
>
>Patrick Cole
>Microsoft Developer Support
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>You assume all risk for your use. © 2002 Microsoft Corporation. All rights
>reserved.
>--------------------
>| From: "Grant Holdom" <grant@forgetspam.co.nz>
>| Subject: HttpClientCertificate IsValid method
>| Date: Wed, 14 Aug 2002 16:43:13 -0700
>|
>| Hi All,
>|
>| What are the precise capabilities of the IsValid method
>| on the HttpClientCertificate class.
>|
>| If I validate a certificate's name and serial number with
>| a data store and use the IsValid method, can I then be
>| sure that the certificate is only from that person (given
>| the CA is honest).
>|
>| Basically, I want to be able to validate a client
>| certificate from within ASP (like client certificate
>| mapping in IIS).
>|
>|
>| Thanks,
>| Grant.
>|
>
>.
>
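
The check described in the reply above (IsValid plus a lookup of the certificate's details in a data store), written out as an added example; it is not code from the thread or from Microsoft. `ClientCertCheck`, `Enrolled` and the sample issuer and serial number are constructed for illustration, and keying the lookup on issuer together with serial number goes slightly beyond the reply, because a serial number is unique only within one CA.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Added example; ClientCertCheck and Enrolled are hypothetical names.
public static class ClientCertCheck
{
    // Constructed sample store: issuer + serial number -> application user.
    // Assumes enrollment recorded the issuer string exactly as the
    // Issuer property reports it.
    private static readonly Dictionary<string, string> Enrolled =
        new Dictionary<string, string>
        {
            { Key("CN=Example Issuing CA, O=Example Org", "04-67-F3-02"), "grant" }
        };

    // Strip separators and fold case so the stored and the presented serial
    // compare equal however they were formatted (assumes both are hex text).
    private static string Key(string issuer, string serial)
    {
        string hex = serial.Replace("-", "").Replace(":", "").Replace(" ", "");
        return issuer.Trim() + "|" + hex.ToUpperInvariant();
    }

    // Returns the mapped user name, or null when the request must be rejected.
    public static string Authenticate(HttpRequest request)
    {
        HttpClientCertificate cert = request.ClientCertificate;

        // No certificate sent, or IsValid is false: fail closed.
        if (!cert.IsPresent || !cert.IsValid)
            return null;

        // IsValid alone does not say who the holder is; only the lookup
        // ties this certificate to a known user. Unknown pairs are rejected.
        string user;
        return Enrolled.TryGetValue(Key(cert.Issuer, cert.SerialNumber), out user)
            ? user
            : null;
    }
}
```

A null result should end the request with an access-denied response rather than fall back to another login path.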


