Val P
I'm trying to read a smart card from asp.net. I've successfully done it from a
Win32 native application, so I know everything is set up correctly, including
the CSP and the certificate on the CSP.
So far, to get it to work, I've done the following on IIS:
Set up a folder inside my project, and set it to require SSL and require
user certificates. I redirect to an *.aspx in that folder to grab the
certificate and return control back to my application.
The following few issues are confusing me. I know this shows my lack of
understanding, so please bear with me.
1. If I delete all my certificates from IE and then insert a smartcard in
the reader, it doesn't see my certificate. I have to go to the smartcard
utility, and tell it to "publish" the certificates. After I do that, the
certificate shows up in IE, but it still prompts me to insert the SC. I want
it to prompt me for the SC, but why do I need to publish it? That seems
impractical for every smart card that may be plugged in that reader.
2. I surfed the web a little and found a place which requires certificates
for login. For example, https://poc.anthem.com/POC/GenericServlet ... This
one pops up a dialog asking me to select a certificate, but the list is
empty. If I go to my page, it pops up a dialog and I see my certificate in
there. Is there some criteria by which IE decides to show or not show certain
certificates for selection? Why is that web site not seeing my certificate?
3. In my application, I apparently can read some of the non-critical
extensions (Email field for example) without entering a PIN. On the asp.net
application, it prompts me for a PIN during establishment of the SSL
connection? Are there any other ways to access the certificate without doing
any encryption? I don't NEED ssl.. or rather, I don't need to use SSL with
client certificates.
4. If all I want to do is read the email address from a certificate on this
card, am I doing this the right way, or is it overkill? Should I just drop
an ActiveX that reads the email address?
Thanks for any help you can provide!
I'm using .NET 2.0, and currently testing on XP, eventually to deploy to
IIS6/SRV2003.