vb.net 智能卡身份验证 ASP.NET
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15792348/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Smart Card Authentication ASP.NET
提问by bopbopbee
We currently have a site that is hosted within a cloud environment. Let's say for sake of discussion, that the site is https://abc.site.com.
我们目前有一个托管在云环境中的站点。为了讨论起见,假设该站点是https://abc.site.com。
We have a wildcard SSL certificate (*.site.com)that is used to secure the site.
我们有一个通配符 SSL 证书(*.site.com),用于保护站点。
We have been asked to implement a CAC Card / Smart Card implementation. Is there a way to read the user's smart card / client certificate upon a button click?
我们被要求实施 CAC 卡/智能卡实施。有没有办法在单击按钮时读取用户的智能卡/客户端证书?
We are able to read the card in our development environment, but only when we are using the client's certificate to actually secure the site (which is not how we want this implemented).
我们能够在我们的开发环境中读取卡片,但只有当我们使用客户端的证书来实际保护站点时(这不是我们想要的实现方式)。
I have done a lot of research on this, however I've been unable to find a solution to our problem. From what I've read an ActiveXcontrol is the only way to read the client cert store with the smart card cert, but ActiveXis not an option for us.
我对此进行了大量研究,但是我一直无法找到解决我们问题的方法。从我读过的内容来看,ActiveX控件是使用智能卡证书读取客户端证书存储的唯一方法,但ActiveX对我们来说不是一种选择。
Any help would be greatly appreciated!
任何帮助将不胜感激!
回答by Dai
This is done at the webserver-layer by requiring a client-side certificate. The user's browser will prompt the user to provide a smartcard (or other certificate). You can ensure they provided a valid smartcard cert by checking the cert's CA roots.
这是通过要求客户端证书在网络服务器层完成的。用户的浏览器会提示用户提供智能卡(或其他证书)。您可以通过检查证书的 CA 根来确保他们提供了有效的智能卡证书。
There's an (old) tutorial for ASP.NET here: http://support.microsoft.com/kb/315588
这里有一个 ASP.NET 的(旧)教程:http: //support.microsoft.com/kb/315588
Other than this, there is no universal way to retrieve a client certificate without resorting to Java applets or ActiveX controls as you've seen.
除此之外,没有如您所见,不借助 Java 小程序或 ActiveX 控件来检索客户端证书的通用方法。
回答by Guilherme de Jesus Santos
First, you need to configure IIS to use client certificates for authentication. You also need to have in the WebServer all certificate chain installed.
首先,您需要将 IIS 配置为使用客户端证书进行身份验证。您还需要在 WebServer 中安装所有证书链。
And in your ASP.NET Page, you could use Request.ClientCertificateto access the certificate informations that you'll use to give authentication on your system.
在您的 ASP.NET 页面中,您可以Request.ClientCertificate用来访问证书信息,您将使用这些信息在您的系统上进行身份验证。
