Client Certificates


ASP.NET Developer's JumpStart
By Paul D. Sheriff, Ken Getz
Table of Contents
Chapter 31.  Securing Web Services

You can also use client certificates to authenticate users. A client certificate is a digital ID that is passed from the client machine to the server. This ID is "signed" with a digital signature that is verified by a third-party certification authority. This third party is someone you trust to check out users prior to issuing a client certificate.

A digital signature is basically a hash of a message (in this case, the certificate) that is encrypted with the sender's private key. IIS can be configured to ignore, accept, or require client certificates. It's important to understand how each setting changes how IIS responds to client certificates:

  • Ignore certificates. IIS doesn't care if a user sends his certificate with a request; IIS will simply authenticate the user using another method, such as Challenge/Response.

  • Accept certificates. If a client certificate is sent, IIS will use this certificate information to authenticate the user. If no certificate is sent, IIS will use another method.

  • Require certificates. IIS will only fulfill requests from users with valid certificates.

IIS client certificate mapping associates (or maps) client certificate information with Windows NT user accounts. This form of authentication can be very secure and flexible, and most newer browsers support the use of client certificates.

The certificate itself is a special text file that contains two sections: a clear text section (readable by humans) containing the information about the owner, issuer, and so on, and an encrypted section (not readable by humans) that contains the digital signature and public key of the certification authority.

The text file is given the .cer extension so that when you open it, the operating system uses whatever certificate utility it has to view the file. If you open one of these files in Notepad, it will look something like this:



    ASP. NET Developer's JumpStart
    ASP.NET Developers JumpStart
    ISBN: 0672323575
    EAN: 2147483647
    Year: 2002
    Pages: 234 © 2008-2017.
    If you may any questions please contact us: