Last post Nov 21, 2018 07:28 PM by ASPDevNUS
Nov 16, 2018 12:01 AM|ASPDevNUS|LINK
Our current application maps the LDAP username to the ASP.NET Membership database for role authorization after the MS username and password are provided.
What is being requested is to use certificate mapping and the user's SSL certificate Subject Alternative Name in the same fashion, i.e. query the SAN presented on the certificate and pass this to the ASP.NET Membership database to authorize and then serve the proper content to the user's browser.
Is this even possible? I've been searching the internet but don't seem to have the vocabulary to find an item which matches this request. The part that I can't seem to find is passing the Certificate SAN to the aspnet membership database.
Thank you in advance.
Nov 19, 2018 08:59 AM|Brando ZWZ|LINK
In my opinion, this is possible. We could create a custom filter to get the user certificate, get the SAN from the certificate, and check it in the database.
I suggest you refer to the articles below to learn how to create the custom filter and how to get the certificate from the request and get the SAN.
For how to create a custom filter in MVC, you could refer to the articles below:
What is a custom filter: https://docs.microsoft.com/en-us/aspnet/mvc/overview/older-versions/hands-on-labs/aspnet-mvc-4-custom-action-filters
How to get the request in the custom filter and how to register it: https://stackoverflow.com/a/6940798/7609093
About how to get the SAN in the request's certificate, you could refer to the article below:
Get the certificate from request:
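// filterContext is the context object passed to the custom filter's method
HttpRequestBase request = filterContext.HttpContext.Request;
// The client certificate sent with the current request (HttpClientCertificate)
var re = request.ClientCertificate;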
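
The filter approach described in this answer, written out as an added example that is not part of the original post: an MVC authorization filter that reads the client certificate, takes an identity from its SAN, and authorizes against ASP.NET Membership roles. The class name `SanAuthorizeAttribute` is hypothetical, and the example assumes the SAN entry used as the identity is the UPN and that Membership user names are stored as that full UPN.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Added example (hypothetical class name): authorize from the client certificate's SAN.
public class SanAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        HttpClientCertificate presented = httpContext.Request.ClientCertificate;
        // Fail closed when no certificate was sent or the server did not validate it.
        if (presented == null || !presented.IsPresent || !presented.IsValid)
            return false;

        string san;
        try
        {
            // HttpClientCertificate.Certificate holds the raw encoded certificate bytes.
            var cert = new X509Certificate2(presented.Certificate);
            // Assumption: the identity is the UPN carried in the SAN (otherName entry).
            san = cert.GetNameInfo(X509NameType.UpnName, false);
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            return false; // certificate bytes could not be parsed
        }
        if (string.IsNullOrWhiteSpace(san))
            return false; // no UPN in the SAN

        // Assumption: Membership user names are stored as the full UPN.
        MembershipUser user = Membership.GetUser(san, false);
        if (user == null || !user.IsApproved || user.IsLockedOut)
            return false;

        // Attach the Membership roles so the Roles/Users settings on the attribute
        // are evaluated by the base class against the mapped account.
        string[] roles = System.Web.Security.Roles.GetRolesForUser(user.UserName);
        httpContext.User = new GenericPrincipal(
            new GenericIdentity(user.UserName, "ClientCertificate"), roles);
        return base.AuthorizeCore(httpContext);
    }
}
```

The attribute is applied to a controller or action in the same way as `[Authorize]`, and the site must be configured in IIS to accept or require client certificates. The SAN value is only as trustworthy as the certificate authorities the server accepts for client authentication.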
Nov 21, 2018 07:28 PM|ASPDevNUS|LINK
@Brando ZWZ, thanks for the ideas. Sorry for the late reply; I forgot to tell the forum to notify me. I will post back with additional questions/information or results. Thanks again.