IIS Server Security - Client Certificate - Password Check


Author Client Certificate - Password Check
Mark Pfeifer

2007-08-16, 1:22 pm

Is there a way to determine if the certificate had a pin/password entered
prior to submitting it to a site? That is, can I tell from the server side
if the certificate is from a smart card with a pin or a soft certificate
with a password?

Thanks,
Mark


Ken Schaefer

2007-08-17, 1:18 am

"Mark Pfeifer" <mpfeifer@online.nospam> wrote in message
news:u4nsAvC4HHA.536@TK2MSFTNGP06.phx.gbl...
> Is there a way to determine if the certificate had a pin/password entered
> prior to submitting it to a site? That is, can I tell from the server
> side if the certificate is from a smart card with a pin or a soft
> certificate with a password?


Without running some code on the client - in a nutshell - no. IIS only sees
what's sent in the HTTP header.

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

WenJun Zhang[msft]

2007-08-17, 7:23 am

Hi Mark,

Just as Ken stated, at the IIS server side we can only ensure the following two
points of a client certificate:

1. The client certificate is valid and has a corresponding private key for
authentication.

2. Create a Certificate Trust List (CTL) to verify if the client certificate
is issued by a Certification Authority (CA) which is recognized and trusted.
If not, deny the client access.

There is indeed no standard approach at the web server side to determine if a
client certificate is from a smartcard or requires a password.

Please update here if you have more concerns about this issue.

Thanks and have a nice weekend.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscript...ault.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscript...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
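
The issuer check from point 2 above, as an added example that is not part of the original thread. It uses the OpenSSL command line to stand in for a CTL (an assumption; IIS is not involved), and the CA and subject names are constructed. The check takes only the certificate and the trusted CA as input, so it gives the same answer wherever the client keeps its private key.

```shell
#!/bin/sh
# Added example: accept a client certificate only if it chains to the one
# CA we trust, which is the decision a CTL makes. Names are constructed.

# make_ca DIR NAME: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_client DIR CA NAME: create a client key and a certificate signed by CA.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# issuer_trusted TRUSTED_CA_CERT CLIENT_CERT: exit status 0 if the client
# certificate chains to the trusted CA, non-zero otherwise.
# Only the two certificates are read; no key material is consulted.
issuer_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo with throwaway material in a temporary directory.
d=$(mktemp -d)
make_ca "$d" trustedca && make_ca "$d" otherca
issue_client "$d" trustedca alice   # issued by the CA on our trust list
issue_client "$d" otherca bob       # issued by a CA we do not recognize
for c in alice bob; do
    if issuer_trusted "$d/trustedca.crt" "$d/$c.crt"; then
        echo "$c: accepted"
    else
        echo "$c: denied"
    fi
done
rm -rf "$d"
```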
