.NET Forum / .NET Framework / Security / January 2006

Question about client certificates retrieval process in ASP.NET

José Ignacio Aguillo - 04 Jan 2006 09:23 GMT
Hi all,

I'm developing a web application (ASP.NET, VB.NET) with client
authentication based on personal certificates. My web server (IIS 5.0) is
configured correctly to perform the authentication, but here is my
problem:
To retrieve the client certificate on the server I can use the traditional
method (method one), that is, calling
Request.ClientCertificate("CERTIFICATE"), or I can use the Certificate field
of the HttpClientCertificate framework class (method
two): Request.ClientCertificate.Certificate. The first method returns a String
and the second one returns an array of bytes (Byte()).
Well, I would like to know if it's possible (and, of course, how to do it)
to transform the result of the first method into the result of the second
one and vice versa.

Thanks
Happy New Year from Spain
Dominick Baier [DevelopMentor] - 05 Jan 2006 06:37 GMT
Hi,

Just use Request.ClientCertificate to inspect the cert values. If you need
the cert in its raw binary format, use the .Certificate property.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi all,
>
[quoted text clipped - 18 lines]
> Thanks
> Happy New Year from Spain
José Ignacio Aguillo - 05 Jan 2006 08:33 GMT
Hi Dominick,

Actually I need to convert the raw binary data format of .Certificate
property to a String formatted like
Request.ClientCertificate("CERTIFICATE"). But I don't know how to get it.

Let me explain the situation:

I'm working with several CAs to perform client authentication based on
certificates. Of course, I would like to check the revocation status of the
certificate before granting access for users to the application.

I thought of developing a web service. This web service takes the
.Certificate property, base-64 encoded, loads a CAPICOM Certificate object
and checks the revocation status:

<WebMethod()> Public Function ValidaCertificado(ByVal certB64 As String) As Integer

    Dim oCert As CAPICOM.CertificateClass
    oCert = New CAPICOM.CertificateClass

    ' Load the DER certificate from its base-64 form
    oCert.Import(certB64)

    ' Check trusted root, validity period, signature and online revocation status
    oCert.IsValid.CheckFlag = _
        CAPICOM.CAPICOM_CHECK_FLAG.CAPICOM_CHECK_TRUSTED_ROOT Or _
        CAPICOM.CAPICOM_CHECK_FLAG.CAPICOM_CHECK_TIME_VALIDITY Or _
        CAPICOM.CAPICOM_CHECK_FLAG.CAPICOM_CHECK_SIGNATURE_VALIDITY Or _
        CAPICOM.CAPICOM_CHECK_FLAG.CAPICOM_CHECK_ONLINE_REVOCATION_STATUS

    If oCert.IsValid.Result Then
        'CERTIFICATE IS VALID!
        Return 1
    Else
        ' Build the chain to find out why validation failed
        Dim chain As New CAPICOM.Chain
        chain.Build(oCert)

        If (chain.Status And CAPICOM.Constants.CAPICOM_TRUST_IS_REVOKED) <> 0 Then
            'AT LEAST ONE CERTIFICATE IN THE CHAIN HAS BEEN REVOKED
            Return 0
        End If

        If (chain.Status And CAPICOM.Constants.CAPICOM_TRUST_REVOCATION_STATUS_UNKNOWN) <> 0 Then
            'THE REVOCATION STATUS COULD NOT BE DETERMINED
            Return 0
        End If
    End If

    ...

It works for every CA, except one.

This CA issues its certificates with a malformed CRL Distribution Point. For
example:

[1]CRL Distribution Point
    Distribution Point Name:
        Full Name:
            Directory Address:
                CN=CRL1942
                OU=FNMT Clase 2 CA
                O=FNMT
                C=ES

As you can see, there is no reference to the server where the LDAP
directory is stored.

This field only contains the information needed to determine the
revocation status using a module provided by the CA (they consider it a
service and, of course, it is not free of charge).

The function provided by this CA to validate the certificate expects to
receive the certificate as a string like the one returned by
Request.ClientCertificate("CERTIFICATE").

That is the reason why I want to convert the raw binary format field
.Certificate into a String like Request.ClientCertificate("CERTIFICATE"). In
this way, my web service will be able to determine the revocation status of
every certificate.

Any idea?

Thanks in advance.

> Hi,
>
[quoted text clipped - 27 lines]
> > Thanks
> > Happy New Year from Spain
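Added example (not code from either poster, nor from CAPICOM or the FNMT module): the Byte() <-> string round trip asked about in the first post and the revocation check from the second post, done with the .NET Framework's own X509Chain class (available since .NET 2.0, no COM interop needed). It assumes the web service accepts the certificate Base64-encoded, as ValidaCertificado above does; the thread does not say which byte-to-string encoding Request.ClientCertificate("CERTIFICATE") uses, so Convert.ToBase64String/FromBase64String is used for transport instead. The module, enum and function names are the example's own.

```vbnet
' Added example, not from the thread: native .NET revocation check plus the
' Base64 round trip for Request.ClientCertificate.Certificate (a Byte()).
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Public Module ClientCertCheck

    ' Return codes, mirroring the 1 / 0 contract of ValidaCertificado and
    ' adding separate codes for "unknown" and "otherwise invalid".
    Public Enum CertStatus
        Valid = 1
        Revoked = 0
        RevocationUnknown = -1
        Invalid = -2
    End Enum

    ' Byte() (DER, as returned by Request.ClientCertificate.Certificate)
    ' -> Base64 string for the SOAP parameter (assumed service contract).
    Public Function EncodeForService(ByVal rawCert As Byte()) As String
        Return Convert.ToBase64String(rawCert)
    End Function

    ' Base64 string -> certificate object (the reverse direction).
    Public Function DecodeFromService(ByVal certB64 As String) As X509Certificate2
        Return New X509Certificate2(Convert.FromBase64String(certB64))
    End Function

    ' Builds the chain with online revocation checking for every certificate
    ' in it. Anything short of a clean chain fails closed; revocation verdicts
    ' are reported separately so the caller can log the reason.
    Public Function ValidateWithRevocation(ByVal cert As X509Certificate2) As CertStatus
        Dim chain As New X509Chain()
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag

        If chain.Build(cert) Then
            Return CertStatus.Valid
        End If

        Dim revoked As Boolean = False
        Dim unknown As Boolean = False
        For Each st As X509ChainStatus In chain.ChainStatus
            If (st.Status And X509ChainStatusFlags.Revoked) <> X509ChainStatusFlags.NoError Then
                revoked = True
            End If
            ' A CRL DP that cannot be fetched (e.g. a bare directory name with
            ' no LDAP URL) shows up here rather than as "valid".
            If (st.Status And (X509ChainStatusFlags.RevocationStatusUnknown Or _
                               X509ChainStatusFlags.OfflineRevocation)) <> X509ChainStatusFlags.NoError Then
                unknown = True
            End If
        Next

        If revoked Then Return CertStatus.Revoked
        If unknown Then Return CertStatus.RevocationUnknown
        Return CertStatus.Invalid   ' expired, untrusted root, bad signature, ...
    End Function

    ' Web-method shaped entry point with the same signature as ValidaCertificado.
    Public Function ValidaCertificado(ByVal certB64 As String) As Integer
        Dim cert As X509Certificate2
        Try
            cert = DecodeFromService(certB64)
        Catch ex As FormatException          ' not valid Base64
            Return CInt(CertStatus.Invalid)
        Catch ex As CryptographicException   ' Base64 decoded, but not a certificate
            Return CInt(CertStatus.Invalid)
        End Try
        Return CInt(ValidateWithRevocation(cert))
    End Function

    ' Convenience for the ASP.NET page: pass Request.ClientCertificate.Certificate.
    Public Function ValidateRawCertificate(ByVal rawCert As Byte()) As Integer
        Return ValidaCertificado(EncodeForService(rawCert))
    End Function

End Module
```

On the ASP.NET side, call ValidateRawCertificate(Request.ClientCertificate.Certificate) and grant access only on 1. For the CA whose CRL Distribution Point carries only a directory name, Windows cannot fetch the CRL, so the result is -1 (RevocationUnknown) rather than 1; treating that as a denial, as the CAPICOM version already does, keeps the check fail-closed until the CA's own validation module is consulted.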

©2008 Advenet LLC   Privacy Policy - Terms of Use