Re: X.509 Certificate based authentication



I hear what you are saying. The docs basically assume you already know a
lot about the underlying mechanism (SSL) and don't bother to explain any of
those details.

FWIW, there isn't really anything to have issue over with the actual
implementation. It is just straight stock SSL with client certificate
authentication. It will interoperate with other platforms that also use SSL
client certificate authentication, as there is nothing proprietary here.
You are limited in the algorithms that your MS operating system will use for
the symmetric portion of the encryption and you have to work with
Microsoft's approach to certificate and key stores as opposed to something
like OpenSSL key stores, but the implementation of the algorithms is based
on the standards.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<gudujarlson@xxxxxxxxx> wrote in message
news:1179940215.170604.16040@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Yes, exactly. That is also the way I understand public-private keys
to work. I think you misunderstand where I am at. My issue is with
how Microsoft implemented these ideas in .NET and IIS. I have found
nothing in Microsoft's documentation that says they implemented the
ideas/mechanisms you describe. I've read nothing that says System.Net
signs the HTTPS request with the certificate I provide. I have found
nothing that says that IIS authenticates that the certificate it
received is from the "owner" of the private key. If I don't read
between the lines, the document says that System.Net sends a
certificate to IIS and IIS makes it available to the ASP.NET
application. This implies to me that I need to do all the work of
signing and authenticating, however I have found no documentation on how
to do that. I haven't found the signing API or the authentication
API. I've also not found any examples of server-side ASP.NET code
that uses client certificates to do authentication and authorization.
I did however, find a blog written by someone having many of the very
same questions as me (URL below).

http://www.codeproject.com/useritems/Certificate_Setup__HTTPS_.asp?df=100&forumid=395031&exp=0&select=1951475
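
An added example (not from either poster or from Microsoft's documentation) of server-side ASP.NET code that authorizes a request from the client certificate IIS hands to the application. Proof that the client holds the private key is part of the SSL handshake itself, so by the time this code runs only validity and authorization are left to check. The module name, the role name and the thumbprint placeholder are assumptions, and the site is assumed to be configured in IIS to accept or require client certificates.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Web;

// Hypothetical module; register it in web.config under <httpModules>.
public class ClientCertAuthModule : IHttpModule
{
    // Placeholder thumbprint (not a real value) mapped to application roles.
    private static readonly Dictionary<string, string[]> Allowed =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "<THUMBPRINT-OF-TRUSTED-CLIENT-CERT>", new string[] { "Partner" } }
        };

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpClientCertificate cc = ctx.Request.ClientCertificate;

        // IsPresent: a certificate was supplied during the SSL handshake.
        // IsValid: the server reports the certificate as valid.
        if (!cc.IsPresent || !cc.IsValid) { Deny(ctx); return; }

        // Authorization is the application's job: a valid certificate from a
        // trusted CA is not automatically one this application should accept.
        X509Certificate2 cert = new X509Certificate2(cc.Certificate);
        string[] roles;
        if (!Allowed.TryGetValue(cert.Thumbprint, out roles)) { Deny(ctx); return; }

        // Expose the certificate subject as the authenticated identity.
        ctx.User = new GenericPrincipal(new GenericIdentity(cert.Subject, "X509"), roles);
    }

    private static void Deny(HttpContext ctx)
    {
        ctx.Response.StatusCode = 403;
        ctx.ApplicationInstance.CompleteRequest();
    }

    public void Dispose() { }
}
```

On the client side, adding an `X509Certificate2` that has its private key to `HttpWebRequest.ClientCertificates` is what makes System.Net offer it during the handshake.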





