how to set up smart-card authorization in web form i can read ATR of smart card...
try {
m_iCard.Connect( DropDownList1.SelectedItem.Text, SHARE.Shared, PROTOCOL.T0orT1);
try {
// Get the ATR of the card
byte[] atrValue = m_iCard.GetAttribute(SCARD_ATTR_VALUE.ATR_STRING);
} catch {
}
} catch {
}
But further from that no idea.
Do you have the authentication process in place? If not, you can access the link below, it has a tutorial for that: http://securitythroughabsurdity.com/2007/04/implementing-smartcardauthenticationmod.html
Once the users were authenticated by the SM, you can authorize them: http://securitythroughabsurdity.com/2007/04/implementing-authorization-in-aspnet.html
You can see on this link the full tutorial: http://securitythroughabsurdity.com/2007/04/implementing-smartcard-authentication.html
Edited - it’s possible to implement authorization on the following forms:
Declarative
using System.Security.Permissions;
...
[PrincipalPermission(SecurityAction.Demand, Role="Administrator"),
PrincipalPermission(SecurityAction.Demand, Role="Auditors")]
public void DoSomethingImportant()
{
...
}
Imperative
using System.Security.Permissions;
...
public void DoSomethingImportant()
{
PrincipalPermission permCheck = new PrincipalPermission(Nothing, "Administrators");
permCheck.Demand();
}
IPrincipal.IsInRole() Check
if (myPrincipal.IsInRole("Administrators")
{
...
}
Web.Config - Specify access permissions to files and/or folders in the web.config
<configuration>
<system.web>
...
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Reports">
<system.web>
<authorization>
<allow roles="Auditor" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
