Client Cert Delegation to Web Service

I have some secure ASP.NET Web Services (which could become WCF
services) used to generate a secure ASP.NET page. Is there any way to
delegate (impersonate?) the client cert from the user accessing the
page to the secure service?

Thanks in advance

Doug

Aug 29 '07 #1
IIS has a certificate mapping feature - this allows you to map the certificate
to a Windows account (I can't remember if this gives you an impersonatable
token - Joe?).

You could also use protocol transition to do this - but this requires a domain.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Aug 29 '07 #2
Yes, the certificate mapping does give you an impersonatable token and if
you use protocol transition (S4U), it should be then possible to delegate
the impersonated security context to the web service via Kerberos
delegation.

As I said before, you can't actually delegate the client certificate SSL
handshake itself since you don't have the private key, but the Kerberos
delegation approach can be made to work.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

Aug 29 '07 #3
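
The approach described in the replies above (certificate to Windows account, protocol transition, then Kerberos delegation to the service), sketched as an added example that is not code from any poster in this thread. It assumes .NET Framework ASP.NET in a domain, a client certificate that carries the user's UPN, a service account trusted for constrained delegation with protocol transition to the back end and able to obtain an impersonation-level token, and a back end that accepts Windows authentication; the class name, method name and URL are hypothetical.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Web;

// Added illustration; class, method and URL names are hypothetical.
public static class DelegatedServiceCall
{
    // Placeholder back-end address; it must accept Windows (Negotiate) authentication.
    const string ServiceUrl = "https://backend.example.internal/Service.asmx";

    public static string CallAsCertificateUser(HttpRequest request)
    {
        HttpClientCertificate presented = request.ClientCertificate;
        if (!presented.IsPresent || !presented.IsValid)
            throw new UnauthorizedAccessException("No valid client certificate.");

        // Assumption: the certificate carries the user's UPN in its subject alternative name.
        var cert = new X509Certificate2(presented.Certificate);
        string upn = cert.GetNameInfo(X509NameType.UpnName, false);
        if (string.IsNullOrEmpty(upn))
            throw new UnauthorizedAccessException("Certificate has no UPN to map.");

        // Protocol transition: this constructor performs a Kerberos S4U logon,
        // producing a token for the user without their password or private key.
        using (var identity = new WindowsIdentity(upn))
        using (WindowsImpersonationContext ctx = identity.Impersonate())
        {
            var call = (HttpWebRequest)WebRequest.Create(ServiceUrl);
            // Under impersonation, DefaultCredentials is the S4U user; the hop
            // succeeds only if the service account is trusted for delegation
            // to the back-end SPN.
            call.Credentials = CredentialCache.DefaultCredentials;
            using (var response = (HttpWebResponse)call.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
                return reader.ReadToEnd();
        }
    }
}
```

The back end sees the user's Kerberos identity, not the client certificate, so its authorization has to be expressed in terms of Windows accounts.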
