Re: smart cards in asp.net

hi,

1 - Not sure about your reader. If I insert a smartcard in my reader, the certificate gets copied automatically to my HD-based store.

2 - It is a combination of which CAs the server and client trust. This can be different for every server, so the list you see can differ. This is negotiated during the SSL handshake.

http://www.leastprivilege.com/IIS6AndClientCertificates.aspx

3 - Client certificates over HTTP are part of the SSL protocol, so you need to use that. Furthermore, during the SSL handshake the client authenticates with the server; this includes signing some data for which the private key is needed. That's why you have to enter the PIN.

4 - That's the usual way of doing certificate-based security.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
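As an added example (not code from either post), here is a page of the kind the original poster describes, placed in the folder that requires SSL and client certificates: it reads the certificate IIS negotiated during the handshake, re-validates the chain on the server, and pulls out the e-mail address. The class name, redirect target and session key are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.UI;

// Added example, not code from the thread. Assumed to live in the folder set to
// "require SSL" and "require client certificates", so IIS has already finished
// the handshake (and the smart card PIN prompt) before Page_Load runs.
public partial class GrabCertificate : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string email = GetVerifiedEmail(Request);
        if (email == null)
        {
            Response.StatusCode = 403;   // no usable client certificate: refuse
            Response.End();
        }

        // Hand the identity back to the rest of the application (assumed flow)
        Session["SmartCardEmail"] = email;
        Response.Redirect("~/Default.aspx");
    }

    // Returns the e-mail address bound to the negotiated client certificate, or
    // null when there is no certificate or it does not chain to a trusted CA.
    public static string GetVerifiedEmail(HttpRequest request)
    {
        HttpClientCertificate clientCert = request.ClientCertificate;
        if (!request.IsSecureConnection || !clientCert.IsPresent || !clientCert.IsValid)
        {
            return null;
        }

        // Raw DER bytes of the certificate IIS received during the SSL handshake
        X509Certificate2 cert = new X509Certificate2(clientCert.Certificate);

        // Re-validate the chain (with revocation) instead of trusting the IIS flag alone
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        if (!chain.Build(cert))
        {
            return null;
        }

        // Subject Alternative Name rfc822Name first, then the E= attribute of the Subject
        string email = cert.GetNameInfo(X509NameType.EmailName, false);
        return string.IsNullOrEmpty(email) ? null : email;
    }
}
```

Because the private-key operation happens inside the handshake, this page never touches the card itself; it only sees the public certificate, which is why no further PIN prompt occurs here.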

I'm trying to read a smart card from ASP.NET. I've successfully done it
from a Win32 native application, so I know everything is set up
correctly, including the CSP and the certificate on the CSP.

So far, to get it to work, I've done the following on IIS:

Set up a folder inside my project, and set it to require SSL and
require user certificates. I redirect to an *.aspx in that folder to
grab the certificate and return control back to my application.

The following few issues are confusing me. I know this shows my lack
of understanding, so please bear with me.

1. If I delete all my certificates from IE and then insert a smartcard
in the reader, it doesn't see my certificate. I have to go to the
smartcard utility and tell it to "publish" the certificates. After I
do that, the certificate shows up in IE, but it still prompts me to
insert the SC. I want it to prompt me for the SC, but why do I need to
publish it? That seems impractical for every smart card that may be
plugged into that reader.

2. I surfed the web a little and found a place which requires
certificates for login. For example,
https://poc.anthem.com/POC/GenericServlet ... This one pops up a
dialog asking me to select a certificate, but the list is empty. If I
go to my page, it pops up a dialog and I see my certificate in there.
Are there some criteria by which IE decides to show or not show certain
certificates for selection? Why is that web site not seeing my
certificate?

3. In my application, I apparently can read some of the non-critical
extensions (the Email field, for example) without entering a PIN. In the
ASP.NET application, it prompts me for a PIN during establishment of
the SSL connection? Are there any other ways to access the certificate
without doing any encryption? I don't NEED SSL... or rather, I don't
need to use SSL with client certificates.

4. If all I want to do is read the email address from a certificate on
this card, am I doing this the right way, or is it overkill? Should I
just drop in an ActiveX control that reads the email address?

Thanks for any help you can provide! I'm using .NET 2.0, and currently
testing on XP, eventually to deploy to IIS6/SRV2003.
