Request.ClientCerficate

M

Meels Lilbok

Hi

I have a problem with Request.ClientCerficate
IIS 6. ASP solution,Win2003R2

Whe i call Request.ClientCerficate it does to nothing.
All settings , certifcates aso. are OK. because on another server same
solution works perfectly!
No errors, nothing., it just does not work.

Any ideas?


Best regards;
Meelis
 
A

Andy

How and where are you requesting the client certificate? Is this
through program code (ie VB.NET), a properties sheet (from what
application), or because of a call to a website from inside of
internet explorer?

Client certificates identify client computers to server computers
under the Kerberos scheme. Does your server need to have kerberos
setup?

Its hard to tell what's wrong without really knowing what you are
trying to do...because there are so many things you can do with
certificates.

Andy
 
M

Meelis Lilbok

Hi Andy

Im requesting client certificate trough ASP(old asp) code.
ASP page runs under IIS 6.Server certificate is ok, and webpage is set to
accept client certificates.
Testing with Internet Explorer 6 and 7. Client certificate is read from
Estonian National ID Card.


testing with code;
<%
For Each strKey in Request.ClientCertificate
Response.Write strkey & " = " & Request.ClientCertificate(strkey) & "<BR>"
Next
%>

On another server all works fine, when i call this asp page, "select a
digital certificate" window pops up even when no id-card is inserted.
On this problematic server it does not work.




Meelis
 
A

Andy

In your code, you aren't checking to see if any certificates were
received at all (by checking for a count before you go into the for
each loop). If the count is zero, you should display an error message
stating no certificates were received.

<%
For Each strKey in Request.ClientCertificate
Response.Write strkey & " = " & Request.ClientCertificate(strkey) &
"<BR>"
Next
%>

Because you don't crash, your results indicate that no certificates
have been sent by the client when it issued a request to your server.
Check your client browser security settings to ensure that the browser
isn't stopping this information from being sent.

Also, should the in clause of your for each be
Request.ClientCertificates, which is the actual collection of the
certificates sent?

Andy
 
M

Meels Lilbok

Hi Andy

Yes, i'm not checking Count beacuse i wanted to get error message.
But there is no error, Count is always 0.

As i sayd, its not browser related problem, because on another server all
works fine when i call this asp page from IE.

Meelis
 
D

David Wang

This sounds like user misconfiguration of the server because as you
say, the same code works on another server, and it works from
different clients.

Verify you actually have identifical configuration between the working
and non-working server. If you automate and script the deployment of
your servers that would not be an issue, but if you hand-configure
servers, they will likely fall out of sync no matter what you do.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
 
F

Freddy Rios

Hi,

I am also facing the same issue on my vista development computer.

I think it is an undocumented behavior around iis+asp.net2.0+certificates.
This is the analysis so far:
- My computer is running vista, iis and vs 2008.
- I am using asp.net 2.0 web services and iis. I had to activate iis6
compatibility in order to run this web service on iis.
- After activating IIS certificates and running a test with an untrusted
client certificate (sample certificate issued with the test root),
iis+asp.net issued an error about the client certificate being invalid.
- After switching the test to use a valid+trusted client certificate, the
request to the web method gets processed normally.

Previous behavior reveals the client certificate gets validated by
iis+asp.net. This isn't consistent with "Request.ClientCertificate.IsPresent"
being false (no client certificate). I even can get to the subject and issuer
through Request.ServerVariables.

I am still looking at the issue, but so far my only guess it only gets
populated when you get iis to map it to a windows account. I haven't verified
it since that is the configuration we (me and my client) wanted to avoid in
the first place. Since I want it to do some authorization, once the mapping
is done there is no longer a point to get the client certificate.

Is there any special additional configuration on this?
 
B

Bob Barrows [MVP]

Freddy said:
Hi,

I am also facing the same issue on my vista development computer.

I think it is an undocumented behavior around
iis+asp.net2.0+certificates.
You should remove .inetserver.asp.general from your crosspost and add
..dotnet.framework.aspnet
This is a classic ASP group and you want the ASP.Net group.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
474,082
Messages
2,570,587
Members
47,209
Latest member
Ingeborg61

Latest Threads

Top