How to require X.509 certificate authentication in ASP.NET MVC?

Question

How to require X.509 certificate authentication in ASP.NET MVC?

There is a lot of material on how to authenticate with an X.509 certificate through HttpWebRequest from the client side, but no certificate is sent because the server sends a call to the client to send it. How to configure an ASP.NET MVC site to have an X.509 client certificate for specific MVC actions?

Note that I saw the X.509 client configuration of the client in IIS, but I do not want to always require X.509 - only with certain actions.

+4

security authentication asp.net-mvc x509certificate

Andrew Arnott Nov 07 '10 at 23:52

source share

1 answer

Mormegil · Answer 1 · 2011-02-18T22:38:20+0000

AFAIAA, the HTTPS handshake is always handled by IIS / Windows, you do not control it from your application. The only possible way is to have a specially configured part of your application that requires a client certificate, and the rest without it. Then, when you want the user to provide their certificate, redirect them to this page in a special part (which will probably just save / confirm the received certificate and redirect it back).

How to require X.509 certificate authentication in ASP.NET MVC?

More articles: