I need to capture users' X.509 certificates from their cards and map them to a user table for forms authentication in ASP.NET MVC. I have created an MVC (ver 2) project in VS 2008, configured to run as a virtual directory under the Default Web Site in the local IIS on Vista using the default template but added RequireHttpsAttribute to the Account/LogOn ActionResult. No other changes. Using the local IIS Manager, I created a self-signed cert and applied it, then set the Account/Logon.aspx page to Require SSL and Require client certificates.

Running in debug, when I click the 'Log On' link from the Welcome page (Home/Index view), it correctly routes to Account/Logon.aspx using https but no prompt for certificate. Using Dynatrace (awesome, http://ajax.dynatrace.com), I can see that the response status is getting set to 403 but again, no cert prompt.

As a sanity check, I set up a default ASP.NET web app project to run in a virtual directory in the default Web Site (same as MVC project above) in Vista and configured the default.aspx page to Require SSL and Require client certificates, as done in the MVC project above. Ran it, works fine, I get the certificate prompt and can choose cert and enter PIN for card and read my X.509 from Request.ClientCertificate object in the code behind.

The application pool for both virtual directories is set to Classic .NET AppPool in integrated pipeline mode.

Help?!

Update: Super kludgy workaround in progress. I added a folder 'Auth' and a 'GetCert.aspx' file to it that is marked SSL/Require client certificates to the MVC project and then added "routes.IgnoreRoute("Auth/{*pathInfo}")" to the global.asax. The code-behind of the GetCert.aspx Response.Writes the data I want from the X.509. Then I added a jQuery.get call in LogOn.aspx which calls GetCert.aspx and returns the cert Subject results as a string to a div in LogOn.aspx. I now get the cert prompt and get the results in my MVC view, but this can't be the way to do this!
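
An added example, not part of the original post: a code-behind for a certificate-protected page such as the Auth/GetCert.aspx described above, which maps the client certificate to a user and issues the forms-authentication cookie on the server rather than returning the Subject to client-side script. The thumbprint lookup table, the user name, the `Deny` helper and the redirect target are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Code-behind for a page that IIS serves with "Require SSL" and
// "Require client certificates" (the Auth/GetCert.aspx role in the post).
public partial class GetCert : Page
{
    // Constructed stand-in for the user table: certificate thumbprint -> user name.
    // Hypothetical data; a real application would query its own store.
    private static readonly Dictionary<string, string> UsersByThumbprint =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "0000000000000000000000000000000000000000", "example.user" }
        };

    protected void Page_Load(object sender, EventArgs e)
    {
        HttpClientCertificate clientCert = Request.ClientCertificate;

        // IsPresent: the client sent a certificate; IsValid: it was accepted as valid.
        if (!Request.IsSecureConnection || !clientCert.IsPresent || !clientCert.IsValid)
        {
            Deny();
            return;
        }

        // Rebuild the certificate from its raw bytes and key the lookup on the
        // thumbprint, which identifies this exact certificate. A Subject string
        // can repeat across issuers, so it is not used as the key here.
        var x509 = new X509Certificate2(clientCert.Certificate);
        string userName;
        if (!UsersByThumbprint.TryGetValue(x509.Thumbprint, out userName))
        {
            Deny();
            return;
        }

        // Issue the forms ticket in the same request that carried the certificate,
        // so the identity never passes through client-side script.
        FormsAuthentication.SetAuthCookie(userName, false);
        Response.Redirect("~/Home/Index");
    }

    // Hypothetical helper: reject the request without revealing why.
    private void Deny() { Response.StatusCode = 403; Response.End(); }
}
```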