Re: X.509 Certificate based authentication



OK - I see. Maybe I misunderstood you then.

Right - first of all you need a list of approved=registered=trusted certs - I guess I would use the hash of the public key for that.

This could be the primary key of the table - from there on you can link additional data (stuff that cannot be found in the cert).


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

I guess what I was trying to suggest is that you need to map the key
(thumbprint, subject key identifier, raw public key) to some sort of
an identity. That's the purpose of the certificate. You can either
maintain a table of your own that maps the key to a specific user or
you go by some data in the certificate like the subject name or
subject alternative name. Otherwise you don't really have a way to
know who is associated with the key.

How would you approach this?

Joe K.
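
The mapping discussed in this thread, sketched as an added example (not code from either poster): a registry keyed by the hash of the certificate's public key that resolves to an application identity. `CertRegistry`, `KeyId` and the in-memory dictionary standing in for the database table are hypothetical, and SHA-256 is an assumed choice of hash.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical registry: SHA-256 of the public key -> application user (stands in for the table).
class CertRegistry
{
    private readonly Dictionary<string, string> users = new Dictionary<string, string>();

    // Hash only the public key, so a re-issued certificate for the same key pair still matches.
    public static string KeyId(X509Certificate2 cert)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetPublicKey())).Replace("-", "");
    }

    public void Register(X509Certificate2 cert, string user) { users[KeyId(cert)] = user; }

    // Returns null for an unregistered key. Call this only after the TLS handshake
    // has proven that the client holds the matching private key.
    public string Lookup(X509Certificate2 cert)
    {
        string user;
        return users.TryGetValue(KeyId(cert), out user) ? user : null;
    }
}

static class Demo
{
    // Constructed sample input: a throwaway self-signed certificate.
    static X509Certificate2 MakeCert(RSA key, string subject)
    {
        var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(30));
    }

    static void Main()
    {
        using (RSA aliceKey = RSA.Create(2048), otherKey = RSA.Create(2048))
        {
            var registry = new CertRegistry();
            registry.Register(MakeCert(aliceKey, "CN=alice"), "alice");
            // Same key, re-issued under a new subject: still resolves to the registered user.
            Console.WriteLine(registry.Lookup(MakeCert(aliceKey, "CN=alice-renewed")) ?? "(not registered)");
            // Different key claiming the registered subject name: no match.
            Console.WriteLine(registry.Lookup(MakeCert(otherKey, "CN=alice")) ?? "(not registered)");
        }
    }
}
```

Because the lookup key is derived from the public key alone, the subject name in the certificate plays no part in the decision; any extra per-user data would hang off the same key in a real table.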


