Restrict website access based on certificate

Discussion in 'ASP .Net Security' started by jetpoet@yahoo.com, Oct 29, 2003.

  1. Guest

    Hi all!

    I would like to know how I can restrict access to a specific website
    or subdirectory in a website based on certificates.

    I have a webbased administration interface for a website that I
    administer. This is in a subdirectory on the webserver. This
    subdirectory has restricted access based on IP addresses and
    passwords, but unfortunately I also have people that need access to
    this who are on dynamic IP addresses.

    So I would like to just have them install a certificate on their
    client machine and have this be the authentication. I am not sure if I
    can issue a personal certificate to each client so I can "turn off"
    certain clients if I want to.

    I am not interested in these certificates being authenticated or
    issued by somebody like Verisign. I just want to issue them myself.

    What would I need for this scenario? I have a Windows 2003 server
    where this runs. The application is programmed in C# and ASP.NET.

    I would need to install a Certificate Server on the webserver to issue
    certificates, that much I know. But how do I configure IIS to request
    the certificates from the clients.

    What are the security implications with this approach as opposed to
    the IP filter?

    All the best, and thank you in advance for your time.

    Pete
     
    , Oct 29, 2003
    #1
    1. Advertising

  2. Teemu Keiski Guest

    Hi,

    you need first to issue a server certificate for IIS (can be done with
    certificate services). Then you are able to manage security settings related
    to certificates, SSL etc and one option there is to map client certificates
    to users and so on. With certificate services you are also able to issue
    client certificates.

    --
    Teemu Keiski
    MCP, Microsoft MVP (ASP.NET), AspInsiders member
    ASP.NET Forum Moderator, AspAlliance Columnist


    <> wrote in message
    news:...
    > Hi all!
    >
    > I would like to know how I can restrict access to a specific website
    > or subdirectory in a website based on certificates.
    >
    > I have a webbased administration interface for a website that I
    > administer. This is in a subdirectory on the webserver. This
    > subdirectory has restricted access based on IP addresses and
    > passwords, but unfortunately I also have people that need access to
    > this who are on dynamic IP addresses.
    >
    > So I would like to just have them install a certificate on their
    > client machine and have this be the authentication. I am not sure if I
    > can issue a personal certificate to each client so I can "turn off"
    > certain clients if I want to.
    >
    > I am not interested in these certificates being authenticated or
    > issued by somebody like Verisign. I just want to issue them myself.
    >
    > What would I need for this scenario? I have a Windows 2003 server
    > where this runs. The application is programmed in C# and ASP.NET.
    >
    > I would need to install a Certificate Server on the webserver to issue
    > certificates, that much I know. But how do I configure IIS to request
    > the certificates from the clients.
    >
    > What are the security implications with this approach as opposed to
    > the IP filter?
    >
    > All the best, and thank you in advance for your time.
    >
    > Pete
     
    Teemu Keiski, Nov 3, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anan
    Replies:
    8
    Views:
    15,677
    John C. Bollinger
    Dec 8, 2004
  2. Boris Twila
    Replies:
    0
    Views:
    364
    Boris Twila
    Nov 14, 2006
  3. Helena Cai
    Replies:
    0
    Views:
    402
    Helena Cai
    Aug 29, 2004
  4. GTN170777
    Replies:
    5
    Views:
    244
    Evertjan.
    Feb 25, 2008
  5. Replies:
    0
    Views:
    417
Loading...

Share This Page