In Chapter 9, you will examine how digital certificates uniquely identify a user. When you create a network application that requires authentication, your program can request the client program to provide the user’s digital certificate as a form of identification. Within Windows 2000, you can map client certificates to specific user accounts. In this way, the client program does not have to submit username and password information. The following method illustrates how a web service method might test whether the client request has included a digital certificate:
<WebMethod()> Public Function ClientCert() As Boolean
    ClientCert = Context.Request.ClientCertificate.IsPresent
End Function
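IsPresent only tells you that the client sent some certificate. Before you treat that certificate as an identity, a service should also confirm that IIS accepted it as valid, that it is within its validity period, and that it maps to a known account. The following class is an added example, not code from the book; it assumes a hypothetical allow-list of certificate thumbprints (SHA-1 hashes as returned by GetCertHashString) keyed to account names, with placeholder values, and uses only HttpClientCertificate and X509Certificate members available in .NET Framework 1.x:

```vb
Imports System
Imports System.Collections
Imports System.Web
Imports System.Web.Services
Imports System.Security.Cryptography.X509Certificates

' Added example (not from the book): a web service that goes beyond IsPresent
' and checks validity, validity period, and a registered account mapping
' before granting access.
Public Class CertificateService
    Inherits WebService

    ' Constructed allow-list mapping certificate thumbprints to account names.
    ' The thumbprint below is a placeholder; a real deployment would load the
    ' mapping from a directory or database.
    Private Shared ReadOnly AccountsByThumbprint As New Hashtable

    Shared Sub New()
        AccountsByThumbprint("0123456789ABCDEF0123456789ABCDEF01234567") = "alice"
    End Sub

    <WebMethod()> Public Function WhoAmI() As String
        Dim Account As String = ResolveAccount(Context.Request.ClientCertificate)
        If Account Is Nothing Then
            Throw New UnauthorizedAccessException( _
                "A valid, registered client certificate is required.")
        End If
        Return Account
    End Function

    ' Returns the account mapped to the certificate, or Nothing if the request
    ' carried no certificate, IIS did not accept it as valid, it is outside its
    ' validity period, or its thumbprint is not registered.
    Public Shared Function ResolveAccount( _
            ByVal ClientCert As HttpClientCertificate) As String
        If ClientCert Is Nothing OrElse Not ClientCert.IsPresent Then
            Return Nothing
        End If
        ' IsValid reports whether IIS accepted the certificate; IsPresent alone
        ' only says that a certificate was sent.
        If Not ClientCert.IsValid Then Return Nothing
        Dim Current As DateTime = DateTime.Now
        If Current < ClientCert.ValidFrom OrElse Current > ClientCert.ValidUntil Then
            Return Nothing
        End If
        ' Identify the certificate by its hash rather than by its Subject string,
        ' which any issuer could reproduce.
        Dim Cert As New X509Certificate(ClientCert.Certificate)
        Dim Thumbprint As String = Cert.GetCertHashString()
        Return CType(AccountsByThumbprint(Thumbprint), String)
    End Function
End Class
```

Keying the mapping on the certificate hash rather than on the Subject name means that a certificate with a matching name issued by a different authority is not accepted; with Windows 2000's IIS certificate mapping enabled, this check complements the account mapping rather than replacing it.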
Using IIS, you can require that the user submit a client certificate before a page or web service can be accessed; you set this in the Secure Communications dialog box, shown in Figure 8.6.
Figure 8.6: Requiring a client program to specify a client certificate before the client can access the server
You can configure your browser to return your digital certificate automatically whenever a remote server prompts for it. If you are creating a client program yourself, you can create an instance of the X509Certificate class, load your certificate into it from a file, and then assign the certificate object to the web service object, as shown here:
Dim Cert As X509Certificate
Cert = X509Certificate.CreateFromCertFile( _
    Server.MapPath("CertificateFilename.Cer"))
WS.ClientCertificates.Add(Cert)