How to tell if a user is authenticated by certificate

  • Question

  • Using IIS with AD on a WinServer 2003 x64 implementation. How can I tell if a user has been authenticated by using a PKI Certificate rather than entering their credentials through the 'Connect to' Windows Login? We are using IIS and Basic authentication, which prompts the user. I want to tell if the authentication was performed by the PKI Credentials or the 'Connect to' Login prompt.

    Thank you.

    Thursday, June 3, 2010 7:13 PM

Answers

  • Built a solution:

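    // Requires a reference to System.DirectoryServices.
    using System;
    using System.DirectoryServices;

    // Returns true if strClientCert is already present in the
    // altSecurityIdentities attribute of the user's directory entry.
    protected bool UserAlreadyMapped(DirectoryEntry de, string strClientCert)
    {
        try
        {
            PropertyValueCollection pvcServerCert = de.Properties["altSecurityIdentities"];
            if (pvcServerCert == null)
                return false;

            // altSecurityIdentities is multi-valued, so check every stored
            // mapping rather than only the first one.
            foreach (object value in pvcServerCert)
            {
                if (value != null && value.ToString().Equals(strClientCert))
                    return true;
            }
            return false;
        }
        catch (Exception)
        {
            // Any directory access failure is treated as "not mapped".
            return false;
        }
    }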
    • Marked as answer by jkormann Wednesday, June 9, 2010 10:14 AM
    Wednesday, June 9, 2010 10:14 AM
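
The comparison in the answer above, as an added example that is not part of the original post: it matches a presented mapping string against every altSecurityIdentities value field by field instead of by exact string equality. It assumes the tagged `X509:<I>issuer<S>subject` form and that the presented string uses the same DN ordering as the directory; `AltSecIdMatcher`, `Parse` and `IsMapped` are hypothetical names, and the sample values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

static class AltSecIdMatcher   // hypothetical helper, not from the thread
{
    // Splits "X509:<I>issuer<S>subject" into { "I": issuer, "S": subject }.
    // Returns null for values that are not X509 mappings (e.g. "Kerberos:...").
    public static Dictionary<string, string> Parse(string value)
    {
        if (value == null || !value.StartsWith("X509:", StringComparison.OrdinalIgnoreCase))
            return null;
        var parts = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (Match m in Regex.Matches(value.Substring(5), @"<([A-Za-z0-9-]+)>([^<]*)"))
            parts[m.Groups[1].Value] = m.Groups[2].Value.Trim();
        return parts.Count > 0 ? parts : null;
    }

    // True if any stored value carries exactly the same tagged fields as the
    // presented one. Field values are compared case-insensitively (a choice
    // made for this example).
    public static bool IsMapped(IEnumerable<string> storedValues, string presented)
    {
        var want = Parse(presented);
        if (want == null) return false;
        foreach (string stored in storedValues)
        {
            var have = Parse(stored);
            if (have == null || have.Count != want.Count) continue;
            bool same = true;
            foreach (var kv in want)
            {
                string v;
                same &= have.TryGetValue(kv.Key, out v)
                        && string.Equals(v, kv.Value, StringComparison.OrdinalIgnoreCase);
            }
            if (same) return true;
        }
        return false;
    }

    static void Main()
    {
        // Constructed sample values, not taken from a real directory.
        var stored = new[] {
            "Kerberos:jdoe@EXAMPLE.TEST",
            "X509:<I>DC=test,DC=example,CN=Example CA<S>DC=test,DC=example,CN=Users,CN=jdoe" };
        Console.WriteLine(IsMapped(stored, "x509:<i>DC=test,DC=example,CN=Example CA <S>DC=test,DC=example,CN=Users,CN=jdoe"));
        Console.WriteLine(IsMapped(stored, "X509:<I>DC=test,DC=example,CN=Other CA<S>DC=test,DC=example,CN=Users,CN=jdoe"));
    }
}
```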

All replies

  • It might be the WinVerifyTrust Win32 API - I don't know if there's a managed equivalent. The docs here:

    http://msdn.microsoft.com/en-us/library/aa388208(VS.85).aspx 

    also point off to some certificate functions.


    Phil Wilson
    Friday, June 4, 2010 7:35 PM
  • Hi jkormann,

    I'm writing to check the issue status; please feel free to let us know if you have any concerns.


    Sincerely,
    Eric
    MSDN Subscriber Support in Forum
    If you have any feedback of our support, please contact msdnmg@microsoft.com.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Monday, June 7, 2010 2:20 AM
  • Hello eryang and Phil. WinVerifyTrust seems to check if the certificate is verified, not if the certificate was used to verify this session.

    As an example, you log into http://mysite.com and specify the certificate to use. The site prompts for windows nt credentials, which it uses to verify your login, not using your certificate. All that happens at the IIS level. How does the application know what was used to authenticate? All it can see, from what I can tell, is the user passed a certificate and they are authenticated. Not how they were authenticated (windows nt or certificate).

    Thank you.

    Monday, June 7, 2010 10:17 AM
  • It sounds like a web application authentication issue; http://forums.asp.net/ and http://forums.iis.net are dedicated to this kind of question.


    Sincerely,
    Eric
    MSDN Subscriber Support in Forum
    Wednesday, June 9, 2010 8:58 AM