HttpClientCertificate

[Bill]

Hello,

I'm currently checking if someone has submitted a certificate using the
following upon logon:
=======
HttpClientCertificate cs = Request.ClientCertificate;

if(cs.IsPresent)
{
....
}
======
Which works great. The only problem is when the user logs out the
certificate is still present.
======
private void OnLogout()
{
Session.Abandon();
FormsAuthenticate.SignOut();

Response.Redirect("Login.aspx", true);
}
=======
Is there a way to remove the certificate so after "OnLogout()" the following
code will return false:
=======
if(cs.IsPresent)
{
....
}
=======

 

[[MSFT]]

Hello Bill,

If a Web client uses the SSL3.0/PCT1 protocol (the URL begins with https://
instead of http://) to connect to a server and the server requires client
certificates, the browser sends the client certificate fields contained in
its digital certificate. So the certificate is sent by client side, we
cannot disable this from server side.

Hope this help,

Luke

 

[Bill]

I was just wondering if there was a way to programatically invlalidate the
certificate upon logout so that the IsPresent property would equate to
"false". Also, is there a way to programatically have the digital certificate
dialog open up upon a button click?

 

[[MSFT]]

The Client Certificate will always be sent with client request. This
doesn't depend on if the user is log in/out. If a request contains the
client certificate, "IsPresent" will always be true. I believe there is no
such a programatical to make it false.

Luke

 

[Dominick Baier [DevelopMentor]]

Hello [MSFT],

client certificates happen much much earier during the SSL handshake...you
can't programmatically invalidate them (at least not from ASP.NET) - this
would mean that the connection has to be negotiated again.