ASP.NET and client certificates
From: Craig Humphrey (craig.humphrey_at_nospam.chapmantripp.com)
Date: 04/30/04
- Next message: Yan-Hong Huang[MSFT]: "RE: 80004005 error"
- Previous message: Craig Humphrey: "Re: ASP.NET Client Certificate Authentication Problem"
- Next in thread: [MSFT]: "RE: ASP.NET and client certificates"
- Reply: [MSFT]: "RE: ASP.NET and client certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Apr 2004 13:19:17 +1200
Hi People,
I know in IIS Admin you can tick the box to request a client certificate
(over an SSL connection), but does anyone know of a way, programmatically,
to force this to happen for a particular page for a particular user?
Basically I've got a site that uses a common code base to run, however we
want to offer differing levels of security, primarily, with and without the
use of client certs, but I haven't found an easy way to do this
programmatically...
The hard way, that I've thought of is:
if a cert is required (in the DB) for the current user
if a cert has been presented by the browser
validate it
else
return an HTTP 401 and WWW-Authenticate : client cert
fi
fi
But I'd rather not be doing this.
The user is already authenticated using Forms authentication over an HTTPS
connection.
Any other ideas?
Later'ish
Craig
- Next message: Yan-Hong Huang[MSFT]: "RE: 80004005 error"
- Previous message: Craig Humphrey: "Re: ASP.NET Client Certificate Authentication Problem"
- Next in thread: [MSFT]: "RE: ASP.NET and client certificates"
- Reply: [MSFT]: "RE: ASP.NET and client certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
