'Re: IIS4 and Client Certificates'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: IIS4 and Client Certificates
From:       De-Boeck Pierre <Pierre.De-Boeck () WINTERTHUR ! BE>
Date:       2000-02-23 13:56:21
[Download RAW message or body]


Note that this "parsing" is very limited in that it
gives access only to some fields of the certificates.
If you need more, like to parse the PKI extensions,
get the public key,..., you must parse the binary
DER stream of the certificate (Certificate attribute).   

> -----Original Message-----
> From: Olofsson, Christian [mailto:cholo@WMDATA.COM]
> Sent: Wednesday, February 23, 2000 2:45 PM
> To: CryptoAPI@DISCUSS.MICROSOFT.COM
> Subject: SV: [CRYPTOAPI] IIS4 and Client Certificates
> 
> 
> Hi Amol
> 
> Thanks for your answer, I will read the topic.
> 
> I'll get back to you
> 
> Regards
> Christian
> 
> -----Ursprungligt meddelande-----
> Från: Amol Natu [mailto:amolnatu@EMIRATES.NET.AE]
> Skickat: den 23 februari 2000 14:20
> Till: CryptoAPI@DISCUSS.MICROSOFT.COM
> Ämne: Re: [CRYPTOAPI] IIS4 and Client Certificates
> 
> 
> Hi Christian
> 
> From what I understand, you are trying to give access only to certain
> users based on the types of certificates, maybe differentiate 
> based on the
> CA or on reliance value.
> The client mapping functionality only provides options of 
> mapping to NT
> accounts. To impose access restrictions based on certificate 
> contents you
> would need to based your rules on the Request Object ClientCertificate
> Collection that is passed by the browser along with the HTTP request.
> I suggest you read the following information from MSDN : "How 
> to Parse a
> Certificate using ASP" and "Checking Client Certificates".
> 
> Regards
> Amol
> 
> p.s. This topic would barely fit into the context of this 
> discussion list.
> I am working on a similar issue and shall get back to you 
> after I succeed
> in this.
> Would surely appreciate if you send me sample code if you 
> manage the same.
> 
> -----Original Message-----
> From: Microsoft Cryptographic API
> [mailto:CryptoAPI@DISCUSS.MICROSOFT.COM]On Behalf Of 
> Christian Olofsson
> Sent: Wednesday, February 23, 2000 3:21 PM
> To: CryptoAPI@DISCUSS.MICROSOFT.COM
> Subject: IIS4 and Client Certificates
> 
> 
> Hi
> 
> I have an IIS4 server with sp6a.
> Using IE 5.01, high encryption (1024)
> Have got a Server certificate from ID2 (1024)
> 
> Now I would like to authenticate all users with personal certificates.
> Which means that i register all user certificates in the IIS4 and only
> these
> users will get access to the web.
> The problem now is that IIS doesn't seem to check if the certificate
> exists
> in the IIS4 Client mapping, everyone with a client certificate get's
> access
> to the web.
> I also tried to set up certificate rules but I can't get this to work
> either.
> 
> What a'm  I doing wrong ???
> 
> //Christian
> 
> ----------------------------------------------------------------
> Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
> contains important info including how to unsubscribe.  Save 
> time, search
> the archives at http://discuss.microsoft.com/archives/index.html
> 
> ----------------------------------------------------------------
> Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
> contains important info including how to unsubscribe.  Save 
> time, search
> the archives at http://discuss.microsoft.com/archives/index.html
> 

----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic