I am making an application in which a user would see a login page, enter his email address and a password. At that time I want the system to read his CAC certificates and permit him to choose. Right now all I can do is require the SSL and it asks for the certificate before the user logs in. Is there any way to do this? I am testing this locally with VS 2015 and changing the applicationhost.config file. I am not sure how it will function differently on a server at this point. Basically, I want to ask the user for a certificate when I need it and not before.
I found some data but it still doesn't work on the server. I changed the SSL settings on the server to not require SSL and to ignore. Then I added this to my web.config file:
 <location path="FileSharing/Index" allowOverride="true">
<system.webServer>
  <security>
    <access sslFlags="Ssl,SslNegotiateCert,SslRequireCert"/>
  </security>
</system.webServer>
With this I am getting a 500 error and the browser is trying to go to:
https://server/FileSharing/FileSharing/Index
where the FileSharing is in the address twice. Any ideas?
The first page, which is simply a welcome page and does not require SSL, comes up fine but I want it to read the cert when going to the Index.
Navigate to Computer. Right-click Computer, and then select Properties. Under Tasks, select Device Manager. In Device Manager, expand Smart card readers, select the name of the smart card reader you want to check, and then select Properties.
The contactless smart card contains an antenna embedded within the plastic body of the card (or within a key fob, watch or other document). When the card is brought into the electromagnetic field of the reader, the chip in the card is powered on.
Proximity Cards store only a facility code and card number, while Smart Cards provide this information PLUS the ability to authenticate and store biographical information. Many systems utilize proximity technology.
You should probably add a secondary page in-between, right after the login, redirect to that "proxy" page that will require the certificate and then if everything checks out, move the flow along.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With