login to Website using a SmartCard

G

Guest

Hi,

anyone has experience of Website login (AD Integrated) using a Smart Card ?
In actually using the ASP:Login control to login the users usign they AD
credentials. User also have a smart card that permit them to logon locally
to Windows XP clients. I'd like to have them login on the extranet without
having to insert username and password, but just Smart Card and PIN. Is is
possible ?

Thanks.

Massimo Piceni
 
D

Dominick Baier [DevelopMentor]

Hi,

yes this is possible - there are some steps necessary

- ssl must be enabled
- in IIS / directory security / secure communication you can specify that
you accept client certificates (IE will transparently use the certs from
the smartcard on the client)

in ASP.NET you can query for client cert with Context.Request.ClientCertificate.IsPresent,
and if you trust the cert, you can issue an authentication ticket without
requiring cleartext credentials. A module would be a good place for that.
 
G

Guest

Thank you Dominick for your fast reply.

If I understand well, this means I've to check (trust) the certificate in
some way and then bind it to the corresponding user. Is not possible to
simply leave the work to AD, exacly as I do using ASP:login with Username
and Password ?
In any case, do you know where can I find some examples ? I'm not a Web
programmer, but a system administrator and happens not very often that I
program ASP.NET.

Thanks a lot.

Massimo.

"Dominick Baier [DevelopMentor]" <[email protected]> ha
scritto nel messaggio
 
L

Luke Zhang [MSFT]

Hello Massimo,

If you want to authenticate the extranet user totally with AD, you may
consider a solution a VPN conncetion. Extranet user can build a VPN
conncetion to your intranet and authenticate with Smart Card and AD. After
the VPN connection is built, it just like the user is in your intranet, and
you can still use the original ASP.NET application without any additional
programming work.

Regards,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
G

Guest

Hi Luke,

thanks for your suggestion, but I don't like to enable a VPN access, because
I think is not needed and will increase a lot the impact of a security
incident. External users just need to access a Website, not any other
network resource, so I think a VPN is too much for this purpose.

Thanks anyway for your reply.

Massimo.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top