.net example using client certificates in a web service call?

Question

.net example using client certificates in a web service call?

I would like to use client certificates to verify the identity of administrative users on my web service. Then I can issue certificates only to those people whom I want to call my web service, and be sure that no one else can name it. This is in a very controlled scenario where only one or two people will receive a client certificate, so distribution is not a difficult problem.

This article is a good example of how to invoke a web service using a client certificate.

But how can I check the details of the client certificate from my web service? This old article talks about configuring IIS for this, but I would like to do this programmatically in my application. I think?

Thanks for any suggestions!

+7

c # certificate ssl web-services asmx

Rory Jun 08 '10 at 23:46

source share

1 answer

Joe · Accepted Answer · 2010-06-09T00:32:57+0000

The incoming request has a ClientCertificates collection that you can query - you can check the various fields in the certificate or check the actual raw byte data (possibly in relation to the data store or other source) if you want to check it completely.

Please note that if you issue certificates from your own CA, you need to install the CA certificate on your web server in a repository that will be accessible to all users, otherwise IIS will not request these certificates from the user (due to the nature of server interaction and customer.)

.net example using client certificates in a web service call?

More articles: