views:

376

answers:

0

I'm having a problem with a site that uses client side certificates for authentication. The site contains an iframe which loads a page hosted on a different server. This page also uses the client certificate.

This works perfectly, except that a hiccup in the "inner page" webserver sometimes causes it to lose the authenticated state of the user (the site in question is ASP.NET). I'm trying to find a way to gracefully recover from this, but I can't get Internet Explorer to retransmit the client certificates by setting HTTP response code and/or WWW-authenticate header. At most, it'll bring up a basic username/password prompt instead.

When I open a new tab in Internet Explorer 8 with the same site, it'll work fine in that tab, but in the original tab the client certificate will only be visible to the "outer" website. Reloading the page doesn't help. My only option is to close that tab and start using a new one..

Has anyone seen this behavior in IE before? Is there any way to get it to retransmit the client certificate?