Re: X.509 Certificate based authentication
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 May 2007 21:10:34 +0000 (UTC)
OK - I see. Maybe I misunderstood you then.
Right - first of all you need a list of approved=registered=trusted certs - I guess I would use the hash of the public key for that.
This could be the primary key of the table - from there on you can link additional data (stuff that cannot be found in the cert).
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
I guess what I was trying to suggest is that you need to map the key
(thumbprint, subject key identifier, raw public key) to some sort of
an identity. That's the purpose of the certificate. You can either
maintain a table of your own that maps the key to a specific user or
you go by some data in the certificate like the subject name or
subject alternative name. Otherwise you don't really have a way to
know who is associated with the key.
How would you approach this?
Joe K.
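
The table both messages describe, as an added C# example that is not part of the original thread: approved certificates are keyed by a hash of the public key and linked to a user record, so a reissued certificate over the same key still maps while a different key with the same subject name does not. Assumptions: the `ApprovedKeyStore` and `Demo` names, the user name, the choice of SHA-256, and the self-signed certificates constructed inline with `CertificateRequest` (.NET Framework 4.7.2 / .NET Core 2.0 or later).

```csharp
// Added example; ApprovedKeyStore, Demo and the sample subjects are hypothetical.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

sealed class ApprovedKeyStore
{
    // Key: hex SHA-256 of the public key bytes. Value: data that is not in the cert.
    private readonly Dictionary<string, string> _users = new Dictionary<string, string>();

    public static string KeyId(X509Certificate2 cert)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetPublicKey())).Replace("-", "");
    }

    public void Register(X509Certificate2 cert, string user) => _users[KeyId(cert)] = user;

    // Returns false for any key that was never registered.
    public bool TryMap(X509Certificate2 cert, out string user) => _users.TryGetValue(KeyId(cert), out user);
}

static class Demo
{
    // Constructed self-signed certificate over the given key (sample input only).
    static X509Certificate2 Issue(RSA key, string subject)
    {
        var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        using (RSA aliceKey = RSA.Create(2048))
        using (RSA strangerKey = RSA.Create(2048))
        {
            var store = new ApprovedKeyStore();
            X509Certificate2 original = Issue(aliceKey, "CN=alice-constructed");
            store.Register(original, "alice");
            // Reissued certificate over the same key pair: new thumbprint, same key hash.
            X509Certificate2 renewed = Issue(aliceKey, "CN=alice-constructed");
            Console.WriteLine("thumbprint changed: " + (original.Thumbprint != renewed.Thumbprint));
            Console.WriteLine("renewed maps: " + store.TryMap(renewed, out string u1) + " -> " + u1);
            // Same subject name, different key: not in the table, so no identity.
            X509Certificate2 other = Issue(strangerKey, "CN=alice-constructed");
            Console.WriteLine("other maps: " + store.TryMap(other, out string u2));
        }
    }
}
```

The lookup only answers which user a key belongs to; it assumes the TLS layer has already proven that the client holds the matching private key.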