分享
 
 
 

Set Up Client Certificates

王朝asp·作者佚名  2006-01-09
窄屏简体版  字體: |||超大  

How To: Set Up Client Certificates

J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy

Microsoft Corporation

November 2002

Microsoft® ASP.NET

Microsoft Visual Studio® .NET

See the Landing Page for a starting point and complete overview of Building Secure ASP.NET Applications.

Summary: IIS supports client certificate authentication. This How To shows you how to configure a Web application to require client certificates. It also shows you how to install a certificate on a client computer and use it when calling the Web application. (5 printed pages)

Contents

Requirements

Summary

Additional Resources

Web services often need to be able to authenticate their callers (other applications) in order to perform authorization. Client certificates provide an excellent authentication mechanism for Web services. When you use client certificates, your application also benefits from the creation of a secure channel (using Secure Sockets Layer [SSL]) between the client application and Web service. This allows you to securely send confidential information to and from the Web service. SSL ensures message integrity and confidentiality.

This How To includes step-by-step instructions to call a Web service that is configured to require client certificates.

Note The information in this How To also applies to remote components hosted by IIS.

Requirements

The following items describe the recommended hardware, software, network infrastructure, skills and knowledge, and service packs you will need.

· Microsoft® Windows® 2000 Server operating system with Service Pack 2

· Microsoft Visual Studio® .NET development system

· Access to a Certificate Authority (CA) to generate new certificates

· A Web server with an installed server certificate

For more information about installing Web server certificates, see How To: Set Up SSL on a Web Server in the Reference section of this guide.

The procedures in this How To also require that you have knowledge of ASP.NET Web development with the Microsoft Visual C#™ development tool.

Summary

This How To includes the following procedures:

1. Create a Simple Web Application

2. Configure the Web Application to Require Client Certificates

3. Request and Install a Client Certificate

4. Verify Client Certificate Operation

1. Create a Simple Web Application

To create a simple Web application

1. Start Visual Studio .NET and create a new C# ASP.NET Web application called SecureApp.

2. Drag a label control from the toolbox onto the WebForm1.aspx Web form, and then set its ID property to message.

3. Drag a second label onto WebForm1.aspx and set its ID property to certData.

4. Add the following code to the Page_Load event procedure.

5. string username;

6. username = User.Identity.Name;

7. message.Text = "Welcome " + username;

8. HttpClientCertificate cert = Request.ClientCertificate;

9. if (cert.IsPresent)

10. {

11. certData.Text = "Client certificate retrieved";

12. }

13. else

14. {

15. certData.Text = "No client certificate";

16. }

17. On the Build menu, click Build Solution.

18. Start Internet Explorer and navigate to http://localhost/SecureApp/WebForm1.aspx.

The page should be displayed with the messages "Welcome" (no user name is displayed because the user has not been authenticated) and "No client certificate."

19. Close Internet Explorer.

2. Configure the Web Application to Require Client Certificates

This procedure uses Internet Information Services (IIS) to configure your Web application's virtual directory to require certificates.

This procedure assumes that you have a valid certificate installed on your Web server. For more information about installing Web server certificates, see How To: Set Up SSL on a Web Server.

To configure your Web application's virtual directory to require certificates

1. On the Web service host computer, start IIS.

2. Navigate to the SecureApp virtual directory.

3. Right-click SecureApp, and then click Properties.

4. Click the Directory Security tab.

5. Under Secure communications, click Edit.

If Edit is unavailable, it is likely that a Web server certificate is not installed.

6. Select the Require secure channel (SSL) check box.

7. Select the Require client certificates option.

8. Click OK, and then click OK again.

9. In the Inheritance Overrides dialog box, click Select All, and then click OK to close the SecureApp properties dialog box.

This applies the new security settings to all subdirectories in the virtual directory root.

10. To confirm that the Web site is configured correctly, start Internet Explorer and browse (using HTTPS) to https://localhost/secureapp/webform1.aspx.

11. A Client Authentication dialog box is displayed by Internet Explorer asking you to select a client certificate. Because you have not yet installed a client certificate, click OK, and confirm that an error page is displayed informing you that the page requires a client certificate.

12. Close Internet Explorer.

3. Request and Install a Client Certificate

This procedure installs a client-side certificate. You can use a certificate from any certificate authority, or you can generate your own certificate using Microsoft Certificate Services as described in the following sections.

This procedure assumes that Microsoft Certificate Services is configured for pending requests, which require an administrator to explicitly issue the certificate. It can also be configured to automatically issue certificates in response to certificate requests.

To check the certificate request status setting

1. On the Microsoft Certificate Services computer, select Certification Authority from the Administrative Tools programs group.

2. Expand Certification Authority (Local), right-click the certification authority and click Properties.

3. Click the Policy Module tab, and then click Configure.

4. Check the default action.

The following procedure assumes that Set the certificate request status to pending. Administrator must explicitly issue the certificate is selected.

To request a client-side certificate

1. Start Internet Explorer and navigate to http:// hostname/certsrv, where hostname is the name of the computer on which Microsoft Certificate Services is installed.

2. Click Request a certificate, and then click Next.

3. On the Choose Request Type page, click User Certificate, and then click Next.

4. Click Submit to complete the request.

5. Close Internet Explorer.

To issue the client-side certificate

1. From the Administrative Tools program group, start the Certification Authority tool.

2. Expand your certificate authority, and then select the Pending Requests folder.

3. Select the certificate request you just submitted, point to All Tasks on the Action menu, and then click Issue.

4. Confirm that the certificate is displayed in the Issued Certificates folder, and then double-click it to view it.

5. On the Details tab, click Copy to File to save the certificate as a Base-64 encoded X.509 certificate.

6. Close the properties window for the certificate.

7. Close the Certification Authority tool.

To install the client-side certificate

1. To view the certificate, start Windows Explorer, navigate to the .cer file saved in the previous procedure, and then double-click it.

2. Click Install Certificate, and then click Next on the first page of the Certificate Import Wizard.

3. Select Automatically select the certificate store based on the type of certificate, and then click Next.

4. Click Finish to complete the wizard. Dismiss the confirmation message box, and then click OK to close the certificate.

4. Verify Client Certificate Operation

This procedure verifies that you can access the SecureApp application using a client certificate.

To verify client certificate operation

1. Start Internet Explorer and navigate to https://localhost/secureapp/webform1.aspx.

2. Confirm that the Web page displays successfully.

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有