none
WebBrowser and Client Certificates RRS feed

  • Question

  • I am using the System.Windows.Forms.WebBrowser class in a C# application to provide a browser window to a remote server.   The remote server requires the client to present a client SSL certificate.  I have a certificate loaded in the Windows Certificate store and when I access the server I get a pop up to select the certificate.  Once selected, it works as desired.

    Since I know in advance the remote server and I already have the certificate loaded, is there a way to tell it which certificate to use and avoid the popup to select it from a list of one.  


    • Moved by CoolDadTx Thursday, February 16, 2017 3:14 PM Winforms related
    Wednesday, February 15, 2017 7:23 PM

Answers

  • Hi,

    Welcome to the MSDN forum.

    >> is there a way to tell it which certificate to use and avoid the popup to select it from a list of one.  

    Not sure, but I think is can be done. WebBrowser is based on IE, so what you want can be implemented in IE. By default, Internet Explorer doesn’t display client certificates when no certificate or only one certificate exists. 

    When the server requires a digital certificate for client authentication, the server sends a "client certificate request" that includes a list of the types of certificates supported and the Distinguished Names of acceptable Certification Authorities .This secure handshake process is completely based on the basCertSelectCertificateChains function API. Maybe you can find a way to select a specified certificate via this API.

    Please refer to this article: Troubleshooting 403.7 “Client Certificate Required errors” & Step by step to make sure your client certificate is displayed and selected

    Best Regards,

    Bob


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Karl Melcher Thursday, February 23, 2017 1:36 PM
    Friday, February 17, 2017 2:48 AM
    Moderator

All replies

  • Hi,

    Welcome to the MSDN forum.

    >> is there a way to tell it which certificate to use and avoid the popup to select it from a list of one.  

    Not sure, but I think is can be done. WebBrowser is based on IE, so what you want can be implemented in IE. By default, Internet Explorer doesn’t display client certificates when no certificate or only one certificate exists. 

    When the server requires a digital certificate for client authentication, the server sends a "client certificate request" that includes a list of the types of certificates supported and the Distinguished Names of acceptable Certification Authorities .This secure handshake process is completely based on the basCertSelectCertificateChains function API. Maybe you can find a way to select a specified certificate via this API.

    Please refer to this article: Troubleshooting 403.7 “Client Certificate Required errors” & Step by step to make sure your client certificate is displayed and selected

    Best Regards,

    Bob


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Karl Melcher Thursday, February 23, 2017 1:36 PM
    Friday, February 17, 2017 2:48 AM
    Moderator
  • Using the recommendations in the link "Troubleshooting 403.7..." resulted in it not popping up the selection box.  I had to ensure there was only one certificate by the target issuer, the site was in the trusted zone, and the "Don't prompt for client certificate selection when only one cert..." is enabled.

    Thank you for the pointers.

    Karl

    Thursday, February 23, 2017 1:36 PM