Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > login to Website using a SmartCard

Reply
Thread Tools

login to Website using a SmartCard

 
 
Guest
Posts: n/a
 
      06-23-2006
Hi,

anyone has experience of Website login (AD Integrated) using a Smart Card ?
In actually using the ASP:Login control to login the users usign they AD
credentials. User also have a smart card that permit them to logon locally
to Windows XP clients. I'd like to have them login on the extranet without
having to insert username and password, but just Smart Card and PIN. Is is
possible ?

Thanks.

Massimo Piceni


 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      06-23-2006
Hi,

yes this is possible - there are some steps necessary

- ssl must be enabled
- in IIS / directory security / secure communication you can specify that
you accept client certificates (IE will transparently use the certs from
the smartcard on the client)

in ASP.NET you can query for client cert with Context.Request.ClientCertificate.IsPresent,
and if you trust the cert, you can issue an authentication ticket without
requiring cleartext credentials. A module would be a good place for that.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi,
>
> anyone has experience of Website login (AD Integrated) using a Smart
> Card ? In actually using the ASP:Login control to login the users
> usign they AD credentials. User also have a smart card that permit
> them to logon locally to Windows XP clients. I'd like to have them
> login on the extranet without having to insert username and password,
> but just Smart Card and PIN. Is is possible ?
>
> Thanks.
>
> Massimo Piceni
>



 
Reply With Quote
 
 
 
 
Guest
Posts: n/a
 
      06-23-2006
Thank you Dominick for your fast reply.

If I understand well, this means I've to check (trust) the certificate in
some way and then bind it to the corresponding user. Is not possible to
simply leave the work to AD, exacly as I do using ASP:login with Username
and Password ?
In any case, do you know where can I find some examples ? I'm not a Web
programmer, but a system administrator and happens not very often that I
program ASP.NET.

Thanks a lot.

Massimo.

"Dominick Baier [DevelopMentor]" <(E-Mail Removed)> ha
scritto nel messaggio
news:(E-Mail Removed). com...
> Hi,
> yes this is possible - there are some steps necessary
>
> - ssl must be enabled - in IIS / directory security / secure communication
> you can specify that you accept client certificates (IE will transparently
> use the certs from the smartcard on the client)
>
> in ASP.NET you can query for client cert with
> Context.Request.ClientCertificate.IsPresent, and if you trust the cert,
> you can issue an authentication ticket without requiring cleartext
> credentials. A module would be a good place for that.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Hi,
>>
>> anyone has experience of Website login (AD Integrated) using a Smart
>> Card ? In actually using the ASP:Login control to login the users
>> usign they AD credentials. User also have a smart card that permit
>> them to logon locally to Windows XP clients. I'd like to have them
>> login on the extranet without having to insert username and password,
>> but just Smart Card and PIN. Is is possible ?
>>
>> Thanks.
>>
>> Massimo Piceni
>>

>
>



 
Reply With Quote
 
Luke Zhang [MSFT]
Guest
Posts: n/a
 
      06-26-2006
Hello Massimo,

If you want to authenticate the extranet user totally with AD, you may
consider a solution a VPN conncetion. Extranet user can build a VPN
conncetion to your intranet and authenticate with Smart Card and AD. After
the VPN connection is built, it just like the user is in your intranet, and
you can still use the original ASP.NET application without any additional
programming work.

Regards,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
Guest
Posts: n/a
 
      06-26-2006
Hi Luke,

thanks for your suggestion, but I don't like to enable a VPN access, because
I think is not needed and will increase a lot the impact of a security
incident. External users just need to access a Website, not any other
network resource, so I think a VPN is too much for this purpose.

Thanks anyway for your reply.

Massimo.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SmartCard PKI Marek Marecki Java 3 09-13-2007 03:02 PM
Studying for exam: Smartcard question Wingnut MCSE 0 11-03-2006 12:39 AM
Need to reformat smartcard gr Digital Photography 7 12-18-2003 02:07 AM
Unreadable SmartCard - salvageable? Irwin Digital Photography 5 12-13-2003 06:50 AM
Unreadable SmartCard - salvageable? Irwin Digital Photography 1 12-12-2003 04:41 AM



Advertisments