Hi

I have a problem with Request.ClientCertificate
IIS 6, ASP solution, Win2003R2

When I call Request.ClientCertificate it does nothing.
All settings, certificates and so on are OK, because on another server the same
solution works perfectly!
No errors, nothing, it just does not work.

Any ideas?


Best regards;
Meelis

Re: Request.ClientCerficate by Andy

Andy
Tue Feb 26 11:14:19 CST 2008

How and where are you requesting the client certificate? Is this
through program code (i.e. VB.NET), a properties sheet (from what
application), or because of a call to a website from inside of
Internet Explorer?

Client certificates identify client computers to server computers
under the Kerberos scheme. Does your server need to have Kerberos
set up?

It's hard to tell what's wrong without really knowing what you are
trying to do...because there are so many things you can do with
certificates.

Andy

Re: Request.ClientCerficate by Meelis

Meelis
Tue Feb 26 11:53:26 CST 2008

Hi Andy

I'm requesting the client certificate through ASP (old ASP) code.
The ASP page runs under IIS 6. The server certificate is OK, and the webpage is set to
accept client certificates.
Testing with Internet Explorer 6 and 7. The client certificate is read from
an Estonian National ID Card.


Testing with code:
<%
For Each strKey in Request.ClientCertificate
Response.Write strkey & " = " & Request.ClientCertificate(strkey) & "<BR>"
Next
%>

On another server all works fine: when I call this ASP page, the "select a
digital certificate" window pops up even when no ID card is inserted.
On this problematic server it does not work.




Meelis




Re: Request.ClientCerficate by Andy

Andy
Tue Feb 26 13:41:42 CST 2008

In your code, you aren't checking to see if any certificates were
received at all (by checking for a count before you go into the for
each loop). If the count is zero, you should display an error message
stating no certificates were received.

<%
For Each strKey in Request.ClientCertificate
Response.Write strkey & " = " & Request.ClientCertificate(strkey) & "<BR>"
Next
%>

Because you don't crash, your results indicate that no certificates
have been sent by the client when it issued a request to your server.
Check your client browser security settings to ensure that the browser
isn't stopping this information from being sent.

Also, should the in clause of your for each be
Request.ClientCertificates, which is the actual collection of the
certificates sent?

Andy
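
A diagnostic page for the check discussed above, as an added example that is not part of any post in this thread: it separates "request was not over SSL", "SSL but no certificate received" and "certificate present", and HTML-encodes every value it prints because the certificate fields come from the client. The helper name H and the selection of server variables shown are choices made for this example.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not code from the thread.

' HTML-encode before writing: certificate fields originate from the client.
Function H(s)
    H = Server.HTMLEncode(s & "")
End Function

Dim isHttps, subject, key, name
isHttps = (LCase(Request.ServerVariables("HTTPS") & "") = "on")
subject = Request.ClientCertificate("Subject") & ""

Response.Write "HTTPS = " & H(Request.ServerVariables("HTTPS")) & "<BR>"
Response.Write "ClientCertificate.Count = " & Request.ClientCertificate.Count & "<BR>"

If Not isHttps Then
    ' Client certificates are exchanged during the SSL handshake only.
    Response.Write "Request did not arrive over SSL, so no client certificate can be present.<BR>"
ElseIf Len(subject) = 0 Then
    ' An empty Subject means no certificate reached the ASP layer.
    Response.Write "SSL is on, but no client certificate was received.<BR>"
Else
    For Each key In Request.ClientCertificate
        If UCase(key) = "CERTIFICATE" Then
            ' Raw ASN.1 certificate data: report its size instead of dumping it.
            Response.Write H(key) & " length = " & Len(Request.ClientCertificate(key)) & "<BR>"
        Else
            Response.Write H(key) & " = " & H(Request.ClientCertificate(key)) & "<BR>"
        End If
    Next
End If

' What IIS itself recorded for this request, independent of the ASP collection.
' In CERT_FLAGS, bit 0 is set when a client certificate is present.
For Each name In Array("CERT_FLAGS", "CERT_SUBJECT", "CERT_ISSUER", _
                       "CERT_SERIALNUMBER", "HTTPS_KEYSIZE")
    Response.Write name & " = " & H(Request.ServerVariables(name)) & "<BR>"
Next
%>
```

Requesting the same page on the working and the non-working server gives two outputs that can be compared line by line.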

Re: Request.ClientCerficate by Meels

Meels
Wed Feb 27 01:02:18 CST 2008

Hi Andy

Yes, I'm not checking Count because I wanted to get an error message.
But there is no error, Count is always 0.

As I said, it's not a browser-related problem, because on another server all
works fine when I call this ASP page from IE.

Meelis





Re: Request.ClientCerficate by Meels

Meels
Wed Feb 27 01:52:11 CST 2008

Found a similar problem in the archives:

http://www.webservertalk.com/archive122-2005-5-1044901.html


Meelis







Re: Request.ClientCerficate by David

David
Sat Mar 01 04:59:30 CST 2008

This sounds like user misconfiguration of the server because as you
say, the same code works on another server, and it works from
different clients.

Verify you actually have identical configuration between the working
and non-working server. If you automate and script the deployment of
your servers that would not be an issue, but if you hand-configure
servers, they will likely fall out of sync no matter what you do.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//





Re: Request.ClientCerficate by FreddyRios

FreddyRios
Wed Mar 05 10:11:02 CST 2008

Hi,

I am also facing the same issue on my Vista development computer.

I think it is an undocumented behavior around iis+asp.net2.0+certificates.
This is the analysis so far:
- My computer is running Vista, IIS and VS 2008.
- I am using ASP.NET 2.0 web services and IIS. I had to activate IIS6
compatibility in order to run this web service on IIS.
- After activating IIS certificates and running a test with an untrusted
client certificate (sample certificate issued with the test root),
iis+asp.net issued an error about the client certificate being invalid.
- After switching the test to use a valid+trusted client certificate, the
request to the web method gets processed normally.

The previous behavior reveals the client certificate gets validated by
iis+asp.net. This isn't consistent with "Request.ClientCertificate.IsPresent"
being false (no client certificate). I can even get to the subject and issuer
through Request.ServerVariables.

I am still looking at the issue, but so far my only guess is that it only gets
populated when you get IIS to map it to a Windows account. I haven't verified
it since that is the configuration we (me and my client) wanted to avoid in
the first place. Since I want it to do some authorization, once the mapping
is done there is no longer a point to get the client certificate.

Is there any special additional configuration on this?

Re: Request.ClientCerficate by Bob

Bob
Wed Mar 05 10:28:23 CST 2008

Freddy Rios wrote:
> Hi,
>
> I am also facing the same issue on my vista development computer.
>
> I think it is an undocumented behavior around
> iis+asp.net2.0+certificates.
You should remove .inetserver.asp.general from your crosspost and add
.dotnet.framework.aspnet
This is a classic ASP group and you want the ASP.Net group.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.