Re: use same client certificate in two frame



What you are asking is not possible with standard HTTP browser/server
and actually has nothing to do with IIS.

I think you have a misunderstanding of how HTTP browser/server work.

The server actually has no idea of the "frames" that you are talking
about. The browser also has no idea that choice of client certificate
for URL1 should also apply for URL2. And you have no programmatic/
configuration control over any of it. Standard security protocols do
not work like that. Custom Authentication protocols may work like
that, but it is not secure.

For example, you may be thinking that the server tells the client "hey,
you trusted URL1 with this certificate, so do the same thing with URL2
and don't pop up the user dialog", but that logic is not secure. Why
should the client trust what the server tells it to do, especially
without user consent? If things worked like that, then the server
would also be able to ask the client to send over all its passwords
without user consent -- it's the same sort of action.

I suspect you are trying to stitch together a seamless user experience
with single sign-on/authorization, but security realities prevent that
from ever happening. Generic browsers/servers simply do not support
the notions you want.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




On May 23, 7:38 am, ginn...@xxxxxxxxx wrote:
Let's suppose we're trying to access this page: https://www.test.com/index.aspx
The user has to select a Valid Client Certificate (IIS option is
"Require Client Certificate").
Everything is fine.
The page contains one link to "index2.aspx", which consists of two
frames.
One frame's src is "index3.aspx", and the other is
"https://www.newtest.com/newindex.aspx", which means two different DNS, both
SSL secured, and both with the IIS option "Require Client
Certificate".
While loading "index2.aspx", the user can view the frame with
"index3.aspx", as it is in the same path of "index.aspx", for which
the user has already chosen his Certificate.
The problem is that to view the frame with "newindex.aspx", the user
is asked again to choose a certificate, as this page is in a different
path with a different DNS.
Is there a way to keep the browser from displaying the certificate dialog
twice? Some IIS option, or maybe a programmatic way to pass
the certificate from one frame to another?

