tags:

views:

913

answers:

2
+1  Q: 

Configuring 'Cassini' (ASP.NET Development server) for CAC cards for testing - How?

I'm developing a new website (ASP.Net, VB codebehind pages, .Net 3.5) to replace a "Classic ASP" site.

Some of the pages are 'public' and the rest require authentication - in this case it's done by reading DoD-issued CAC cards through the keyboard.

Now, for 'production', they configure IIS so that it does the authentication challenge (reading the card and requesting a PIN) when it hits a certain directory (/secure in this case) so that all pages in that tree are secured.

I'm coming ot the point where I need to see some of the information fomr the card - but when I "F5" the website I'm developing, all the Request.Clientcertificate stuff is empty - there's no 'challenge' happening with the Cassini ASP.Net development server.

I see references to "configure IIS to put SSL on the target directory" - but I'm not running IIS on this development PC (nor is the other developer who's going to run into this shortly). The network support people will be doing this when the site is eventually copied into production but I need to test certain security features now.

How can I configure the server that came with VS2008 to read the CAC card and 'load up' the server/session variables that I need to query? Alternatively, is there anything I can put into the .aspx or .aspx.vb pages themselves that can simulate or trigger the security challenge?

Thanks in advance.

+2  A: 

Short answer. Cassini doesn't support that kind of security.

David  2009-05-27 12:29:17
A: 

I would hope you found a solution to this by now... but just in case, I will tell you that I do similar development and I ran into the same problem. The only "solution" I found was to simply publish the website/webpage to a server with IIS configured to require client certificates, etc...

Of course, this does prevent you from using the "debug" feature in Visual Studio, but there is always the method of injecting debug statements into code [e.g.: response.write() followed by response.end() if necessary]... I also built a page I used for enumerating all the strings available from request.clientcertificate(), and even later expanded it to run a provided regex for searching the entire certificate...

Hope those ideas prove useful!

 2009-07-30 17:14:15
It does not prevent you from using Debug. Simply open the project properties and go to the "Web" tab. Set the project to use IIS, and you should be able to debug just fine.
John Saunders  2009-07-30 17:20:04
I had no trouble using debug provided I pulished to the *local* IIS. Of course I can't debug the version on our production machine but that's production :)
David  2009-08-06 14:54:06
Visual Studio supports remote debugging. It will work with your local machine running IIS or a remote machine running the Remote Debugger Service. From Visual Studio choose Debug->Attach to Process and select the specific aspnet_wp.exe process you want to attach to.
RJBrady  2010-09-09 14:31:15

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps