By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,188 Members | 1,004 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,188 IT Pros & Developers. It's quick & easy.

SSL Mutual Authentication: How to determine user?

P: n/a
Hi All,
We are developing a web service that will be consumed by an external
java-based client (using AXIS if that helps). Their specification dictates
that we will use SSL Mutual Authentication. In order for this to work, I
assume they will provide me with the public key of their certificate and we
will configure IIS to accept the root authority (who will be their own
internal CA I'm assuming) on the certificate as a trusted CA. I'm OK with
that but my question is how do I validate the EXACT identity of the
certificate. I don't want to (and am not sure if I can) use the
client-mapping stuff including IIS as we have little control over the
infrastructure and may not be able to create a mapped account.

Are there properties I can check of the HttpClientCertificate class that can
give me this information in a valid secure way? Is there a better way of
handling this? Or am I just talking a lot of nonsense. If anyone has done
something even remotely similar, I'd love to hear about it.

Thanks All,

Nov 23 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.