Re: smart card authentication api
- From: "Jan Spooren" <jspooren@xxxxxxxxxxxxx>
- Date: Wed, 28 Mar 2007 13:02:20 +0200
Hi Y Iguchi,
I have a server app running in 2000 server. It is not web application , it
is a windows .net application written in C#.
To use my server app people used to input user name , password and domain.
Now there are some users who want to use the smart card facility instead
of
manually entering the user name , password and domain name.
My client machine is not in domain.
Can i use with my application.
What client do the users use to connect to your server app?
Can i access the smart card certificate and send it to the domain server
for
authentication using the windows API.
A certificate is typically public information. Sending a certificate to the
server cannot be used to authenticate the user, because anyone could have
access to that certificate.
Typically, this is done more or less like this: Your server will need to
send a random hash to the client, which is then signed by the smart card,
using its private key. Then the client sends the signed hash and the
certificate to the server. The server can then verify that the hash was
signed with the private key corresponding to the public key in the
certificate, that the certificate was signed by the trusted certificate
authority and that the certificate has not been revoked, by consulting the
Certificate Revocation List...
Cheers,
Jan.
.
- Prev by Date: Switching from System context to User Context
- Next by Date: Questions about GPResult on W2K
- Previous by thread: Switching from System context to User Context
- Next by thread: Questions about GPResult on W2K
- Index(es):
Relevant Pages
|
|
