All geek questions in one place

Internet Explorer and client certificate in IFRAME

I have a problem with a site that uses client-side certificates for authentication. The site contains an iframe that loads a page hosted on another server. This page also uses a client certificate.

This works fine, except that the hiccups on the web server of the "internal page" sometimes cause it to lose the authenticated state of the user (the site in question is ASP.NET). I am trying to find a way to gracefully recover from this, but I cannot get Internet Explorer to re-send client certificates by setting an HTTP response code and / or WWW authentication header. In the best case, this will result in a primary username and password.

When I open a new tab in Internet Explorer 8 with the same site, it will work fine on this tab, but on the original tab, the client certificate will only appear on the "external" website. Reload the page does not help. My only option is to close this tab and start using a new one.

Has anyone seen this behavior in IE before? Is there a way to get it to re-transmit the client certificate?

+3
source share
1 answer

You will need to add the P3P header to the HTTP response to tell IE that everything is ok with the contents in the iframe.

Cache-Control:private
Content-Encoding:gzip
Content-Length:13801
Content-Type:text/html; charset=utf-8
Date:Thu, 18 Aug 2011 16:59:18 GMT
P3P:CP="CAO PSA OUR"
Server:Microsoft-IIS/7.0
Vary:Accept-Encoding
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET

You can use Response.AddHeader()for this.

Response.AddHeader("P3P", "CP=\"CAO PSA OUR\"")

web.config, , .

0

Source: https://habr.com/ru/post/1710166/

More articles:


All Articles