ssl - ASP.NET MVC 2 and request client certificate (Smart Card authentication) -

-

i need capture user's x.509 certificates cards , map user table forms authentication in asp.net mvc. have created mvc (ver 2) project in vs 2008, configured run virtual directory under default web site in local iis on vista using default template added requirehttpsattribute account/logon actionresult. no other changes. using local iis manager, created self-signed cert , applied it, set account/logon.aspx page require ssl , require client certificates.

running in debug, when click 'log on' link welcome page (home/index view), correctly routes account/logon.aspx using https no prompt certificate. using dynatrace (awesome, http://ajax.dynatrace.com), can see response status getting set 403 again, no cert prompt.

as sanity check, set default asp.net web app project run in virtual directory in default web site (same mvc project above) in vista , configured default.aspx page require ssl , require client certificates, done in mvc project above. ran it, works fine, certificate prompt , can choose cert , enter pin card , read x.509 request.clientcertificate object in code behind.

the application pool both virtual directories set classic .net apppool in integrated pipeline mode.

help?!

update: super kludgy workaround in progress. added folder 'auth' , 'getcert.aspx' file marked ssl/require client certificates mvc project , added "routes.ignoreroute("auth/{*pathinfo}")" global.asax. codebehind of getcert.aspx response.writes data want x.509. added jquery.get call in logon.aspx calls getcert.aspx , returns cert subject results string div in logon.aspx. cert prompt , results in mvc view, can't way this!

i have working solution using forms authentication , authorize attribute on base controller class non-authenticated requests go account/logon. logon page post button routes action called authorize decorated requirehttps attribute correctly triggers prompt client cert. once cert selected authorize action handles parsing httpclientcertificate user info want , doing match lookup in users table , writes authentication cookie. have httpmodule reads cookie create custom principal in authenticaterequest event. works great. i'm opening question next issue regarding iis configuration of 'ignore client certificates' here: https://stackoverflow.com/questions/4141272/iis-6-ssl-client-certificates-configuration


Comments

Post a Comment

Popular posts from this blog

c++ - Convert big endian to little endian when reading from a binary file -

-
this question has answer here: how convert between big-endian , little-endian values in c++? 28 answers i've been looking around how convert big-endian little-endians. didn't find solve problem. seem there's many way can conversion. anyway following code works ok in big-endian system. how should write conversion function work on little-endian system well? this homework, since systems @ school running big-endian system. it's got curious , wanted make work on home computer also #include <iostream> #include <fstream> using namespace std; int main() { ifstream file; file.open("file.bin", ios::in | ios::binary); if(!file) cerr << "not able read" << endl; else { cout << "opened" << endl; int i_var; double d_var; while(!file.eof()) {...
Read more

C#: Application without a window or taskbar item (background app) that can still use Console.WriteLine() -

-
i'm trying create application adheres following: no taskbar no console or form window can utilize console.writeline() . (i.e. if executes app command prompt write console.) the problem if create windows form (or wpf) application can have there no taskbar, console or window show up, console.writeline() nothing. if create console app, writes console, can't figure out how hide (and if did hide it, write command prompt window?)... how do this? just create standard console application. callers responsibility hide window caused program (from how run c# console application console hidden ): system.diagnostics.processstartinfo start = new system.diagnostics.processstartinfo(); start.filename = dir + @"\myprocesstostart.exe"; start.windowstyle = system.diagnostics.processwindowstyle.hidden;
Read more

unicode - Are email addresses allowed to contain non-alphanumeric characters? -

-
i'm building website using `django. website have significant users non-english speaking countries. i want know if there technical restrictions on types of characters email address contain. are email addresses allowed contain english alphabets, numbers, "_", "@" , "."? are allowed contain non-english alphabets "é" or "ü"? are allowed contain chinese or japanese or other unicode characters? email address consists of 2 parts local before @ , domain goes after. rules these parts different: for local part can use ascii: latin letters - z - z digits 0 - 9 special characters !#$%&'*+-/=?^_`{|}~ dot ., not first or last, , not in sequence space , "(),:;<>@[] characters allowed restrictions (they allowed inside quoted string, backslash or double-quote must preceded backslash) plus since 2012 can use international characters above u+007f , encoded as utf-8 . domain part more res...
Read more