Implement certificate authorization in asp.net

First of all, I apologize for my poor English.

Over the past two days, I read a lot, but did not find a solution to my problem.

I need to implement this kind of authorization: the user opens a web page and a special form appears. There is only one "Select Certificate File" button in this form. When the user clicks on it, he must select the certificate file that will be used for authorization. This file must be stored on a flash drive, etc., not on the computer's hard drive.

I read about cer / pfx files but didn't know anything about such a model.

It may not be possible to do this with these classes in .NET:

System.Security.Cryptography.X509Certificates.X509Certificate
System.Security.Cryptography.X509Certificates.X509Certificate2

At the same time, authorization of forms will be implemented on this site, so the user can choose the method of authorization.

Update: I think these classes cannot be used for this model. Can you advise me anything else?

+4
1 answer

First of all, you will need an SSL-enabled web page. You cannot develop it with the development web server (Cassini) turned on. It is possible to create such an authentication model using IIS Express or a local IIS instance. SSL authentication cannot be controlled directly from your code and depends on the settings of the IIS web page folder. Take a look at this article.

As for the GUI, certificates are usually stored in certificate stores that are secure and cannot be monitored on client pages / scripts. When the web browser receives a request to negotiate the client certificate, a browser / platform dialog box is displayed showing all compatible client certificates. On the server side, you can control which certificates are viable for the client to select by installing the appropriate root certificates from trusted certificate authorities. However, you cannot control which certificates (whether they are stored on a supported smart card or locally on the hard drive) are available to the client for further selection.

UPDATE

In your case, I think that what you want is not possible in the web browser through an HTTPS session with client authentication, since you cannot control how it manages the certificate store.

However, it would be possible if you developed a plug-in that accesses the portable certificate store on a client USB drive. I think I would use a Java applet in the background and create an open API that can be accessed from JavaScript on the page, for the following reasons:

  • Available for multiple platforms / browsers
  • Trust mode can fully work on an SSL-enabled web page.
  • May treat PFX files as certificate stores (see)

You will need to implement the authentication / handshake part yourself, say, by having the applet sign an XML document / fragment (it may also contain a username and password) using XMLDSIG (which may contain the signer's public key and is supported in .NET). After successfully validating the signed XML, you can return the regular cookie to the client for validation.

+1
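
A server-side check for the signed-XML login described in the answer above, as an added example that is not part of the original post or the answerer's code: it verifies the XMLDSIG signature with .NET's `SignedXml`, requires the signer's certificate to chain to a root the server trusts, and binds the document to a one-time challenge so a captured login cannot be replayed. The class name, the `<Nonce>` element, the enveloped whole-document signature and the certificate being carried in `KeyInfo` as X509Data are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical helper, not from the original post.
public static class SignedLoginVerifier
{
    // Returns the signer's certificate when the login document is acceptable, else null.
    // expectedNonce is the one-time challenge the server stored for this session (assumed design).
    public static X509Certificate2 Verify(string xml, string expectedNonce)
    {
        if (string.IsNullOrEmpty(expectedNonce)) return null;

        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(xml); // throws XmlException on malformed input; the caller treats that as a failed login

        var sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return null;

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);

        // Require one reference covering the whole document (URI=""), so nothing
        // unsigned can sit next to a signed fragment.
        if (signedXml.SignedInfo.References.Count != 1) return null;
        if (((Reference)signedXml.SignedInfo.References[0]).Uri != "") return null;

        // KeyInfo comes from the client: the certificate in it is untrusted input
        // until its chain has been validated.
        var cert = signedXml.KeyInfo.OfType<KeyInfoX509Data>()
            .Where(d => d.Certificates != null)
            .SelectMany(d => d.Certificates.Cast<X509Certificate>())
            .Select(c => new X509Certificate2(c))
            .FirstOrDefault();
        if (cert == null) return null;

        // verifySignatureOnly: false also builds the chain against the server's trusted
        // roots; the parameterless CheckSignature() trusts whatever key KeyInfo carries.
        if (!signedXml.CheckSignature(cert, false)) return null;

        // Replay protection: the signed document must carry this session's challenge.
        var nonce = doc.DocumentElement.SelectSingleNode("Nonce");
        if (nonce == null || !string.Equals(nonce.InnerText, expectedNonce, StringComparison.Ordinal))
            return null;

        return cert;
    }
}
```

The caller maps the returned certificate (for example by thumbprint) to a user account, discards the nonce, and only then issues the authentication cookie. On .NET Core and later, `SignedXml` ships in the System.Security.Cryptography.Xml package.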

Source: https://habr.com/ru/post/1347857/

