Last post May 26, 2011 06:03 PM by roby.kaufman
Mar 17, 2008 01:04 PM|joshbeagley|LINK
I'm working on an app for the government, where everyone logged into their computer uses a Common Access Card (CAC) which has a certificate built into it. If I run the code <% = Request.ClientCertificate("subjectcn") %> it returns BEAGLEY.JOSHUA.WADE.123456789
or something like that. Anyway, the great thing about this is it acts as both a username and password, because as far as
I'm concerned, it can't be duplicated. So by running a simple SQL statement, I can bring up the profile of that person OR redirect them to a sign up form.
I'm doing all of this without the asp.net profiles/membership thing - basically at this point I find it too confusing to add/edit/delete fields, and I don't even need a username/password field right now.
I know I can set certain parameters as session vars, like Session["name"] = rank + first + last. Am I on the right track? how would you guys do it? thanks
Mar 17, 2008 01:36 PM|docluv|LINK
I guess I am confused, but I think you are trying to set the IPrinciple object for the user so you can authenticate them. I think using Forms Authentication is the way you want to do it. Doing this will set the IPrinicple object for you and you will have
an authenication ticket and therefore a Username you can access.
I hope I am on the right track to what you are trying to accomplish.
Mar 18, 2008 08:20 AM|joppo|LINK
I think that from the position you are at the moment you are just fine and its ok to use FormsAutnentication. You have this string "BEAGLEY.JOSHUA.WADE.123456789" and SQL tells you if it's ok or not. Then you "login" with FormsAuthentication.SetAuthCookie(username,
) and that's it. Having in mind that the users are accessing you application using these cards - you won't need usrnames and psswords. For the future if you are going to have to restrict particular users or something roles are going to be needed but for the
purpose you described - formsAuth. will work just fine. In case you have this ID "BEAGLEY.JOSHUA.WADE.123456789" stored you can show the specific personal page you want (like profile page) and I don't think there is need for someone to sign up if everybody
uses access card. I see I provide you with nothing specific but general things so if you give some more details maybe you'll get more.
May 26, 2011 06:03 PM|roby.kaufman|LINK
Can you guys explain how I get the clients card reader data. I am trying to give them a popup that allows them to select which certificate to use to sign some data. They may have multple card readers installed the server cannot see their readers.