I have an ASP.NET web application and my clients need to authenticate to my website with client-side v3 certificates.

All I need to check is that:

1. the certificate is valid
2. the "Issued To CN" has a specific value

I do the following in my MVC action:

var req = Request.ClientCertificate;

req has a property called IsValid which is enough for requirement (1). Now, the issue here is that I cannot check the CN because I believe it is stored in another property of the type byte[0] called Certificate.

I tried reading the certificate like this:

var x509 = new X509Certificate(req.Certificate);

But I get two exceptions:

'x509.Issuer' threw an exception of type 'System.Security.Cryptography.CryptographicException'
'x509.Subject' threw an exception of type 'System.Security.Cryptography.CryptographicException'

How can I read the certificate?

RonaDona

1 Answer

The typical approach is to map certificate attributes (e.g. the Subject or CN) to one or more users. This is done via IIS configuration.

After that is completed, all MVC has to do is check the current user.

See also this article.

John Wu
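
For the in-code check the question asks about, here is an added example (not code from either poster) that reads the subject CN from `Request.ClientCertificate` and compares it exactly. It assumes System.Web's `HttpClientCertificate`; the class name `ClientCertCheck` and the `ExpectedCn` value are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Web;

public static class ClientCertCheck
{
    // Hypothetical expected value; replace with the CN your clients' certificates carry.
    private const string ExpectedCn = "client.example.test";

    // Returns true only when a valid client certificate was presented
    // and its subject CN equals ExpectedCn exactly.
    public static bool IsExpectedClient(HttpClientCertificate req)
    {
        // An empty Certificate array (byte[0], as in the question) means no
        // certificate was received, so there is nothing to parse.
        if (req == null || !req.IsPresent ||
            req.Certificate == null || req.Certificate.Length == 0)
            return false;

        // Requirement 1 from the question: the certificate is valid.
        if (!req.IsValid)
            return false;

        try
        {
            // X509Certificate2 exposes GetNameInfo, which the base
            // X509Certificate class does not.
            var cert = new X509Certificate2(req.Certificate);

            // SimpleName resolves to the subject CN when the certificate has one.
            string cn = cert.GetNameInfo(X509NameType.SimpleName, false);

            // Requirement 2: compare the whole value. A substring match on
            // cert.Subject would also accept a longer name that merely contains it.
            return string.Equals(cn, ExpectedCn, StringComparison.Ordinal);
        }
        catch (CryptographicException)
        {
            return false; // malformed certificate bytes
        }
    }
}
```

In the MVC action this is called as `ClientCertCheck.IsExpectedClient(Request.ClientCertificate)`, rejecting the request when it returns false.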