C
Craig Humphrey
Hi People,
I know in IIS Admin you can tick the box to request a client certificate
(over an SSL connection), but does anyone know of a way, programmatically,
to force this to happen for a particular page for a particular user?
Basically I've got a site that uses a common code base to run, however we
want to offer differing levels of security, primarily, with and without the
use of client certs, but I haven't found an easy way to do this
programmatically...
The hard way, that I've thought of is:
if a cert is required (in the DB) for the current user
if a cert has been presented by the browser
validate it
else
return an HTTP 401 and WWW-Authenticate : client cert
fi
fi
But I'd rather not be doing this.
The user is already authenticated using Forms authentication over an HTTPS
connection.
Any other ideas?
Later'ish
Craig
I know in IIS Admin you can tick the box to request a client certificate
(over an SSL connection), but does anyone know of a way, programmatically,
to force this to happen for a particular page for a particular user?
Basically I've got a site that uses a common code base to run, however we
want to offer differing levels of security, primarily, with and without the
use of client certs, but I haven't found an easy way to do this
programmatically...
The hard way, that I've thought of is:
if a cert is required (in the DB) for the current user
if a cert has been presented by the browser
validate it
else
return an HTTP 401 and WWW-Authenticate : client cert
fi
fi
But I'd rather not be doing this.
The user is already authenticated using Forms authentication over an HTTPS
connection.
Any other ideas?
Later'ish
Craig