Getting credentials from a smart card reader.

Posted on 2007-07-30
Last Modified: 2008-01-09
I am working on a web application in which we are wanting to verify users using a smart card with a USB smart card reader.  Will these create a client side variable that a web application can read?  If so, how would one go about finding that?  Let me know if this is too vague.  I know very little about smart card readers.
Question by: HyperBPP
    LVL 5

    Expert Comment

    Do you have anything like the GemSafe Libraries, which would allow you to interface with the smart card?
    LVL 6

    Author Comment

    I just have the smart card reader installed.  Will a commercial library like GemSafe need to be installed in order to use the reader?  Or will it read at least the ostensible data on the card?  Once again, I apologize for how little I know on this matter.

    Can anyone suggest a site that might dispel some of my ignorance on this matter?
    LVL 5

    Expert Comment

    Normally you would either host an SSL certificate on the card and authenticate against the cert, or perhaps in some cases you might be able to identify the card itself.

    One port of call, assuming this is an IIS / AD implementation, would be here:

    Depending on the infrastructure you have, though, you might consider using middleware rather than trying to develop the authentication method on the site itself. Especially if you have any kind of access to a RADIUS infrastructure that supports smart cards.

    It really depends on your budget and infrastructure as to what solution's best for you, especially if this is just one application in a smorgasbord of web apps that you need to think about securing via smart card authentication.

    Just as an example, I know of people using Imprivata (a single sign-on appliance solution) with RADIUS and smart card technology that's not only interfaced to the VPN solution, but also to the door entry system. Under this setup it's possible to ensure there are only two ways to log into a web app that uses a back-end database for its user store: go in through a VPN with the smart card and PIN, or badge into the building itself with your smart card before you log into a PC on the local subnet.
    LVL 5

    Accepted Solution

    If you're using Windows 2003 and XP on the clients then in theory you don't need any "third party" software for smart card login, but that doesn't mean it's a no-brainer.

    I found this link which pretty much covers the Microsoft end of things...

    But bear in mind, one thing Microsoft do NOT provide, is CMS (aka Smart Card Management).

    So, it might be fairly easy to enable an individual for smart card login without putting your hand in your pocket, since it's not massively difficult to assign a card to a user, but you probably wouldn't want to roll out 500 smart cards without a third party solution - Intercede, ActiveCard and GemAlto are the three players that immediately spring to mind.

    This then brings into question how you'd develop an app that's portable to different customers with different CMS solutions, certification options etc - if you're developing an off-the-shelf solution for resale then this definitely needs more consideration but if it's for internal use only and you're working in a corporate environment then the best thing I can think of is that you talk to the network infrastructure team (assuming there is one) to find out if they have a PKI infrastructure, and work it from there.
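An added illustration for this thread, not code from any of the posters: with certificate-based smart card login the web application never talks to the reader. The browser and card middleware perform TLS client authentication, and server-side code reads the already-verified certificate. The sketch uses Python's standard `ssl` module rather than IIS; the file paths, issuer name, serial number and account name are constructed placeholders.

```python
import ssl

def make_server_context(server_cert, server_key, card_issuing_ca):
    """TLS context that rejects any client without a cert chaining to the card CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(server_cert, server_key)
    ctx.load_verify_locations(cafile=card_issuing_ca)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails if no valid client cert
    return ctx

def _rdn_value(name, field):
    # getpeercert() returns a name as a tuple of RDNs, each a tuple of (key, value)
    for rdn in name:
        for key, value in rdn:
            if key == field:
                return value
    return None

def account_for_cert(cert, enrolled):
    """Map a verified client certificate to an application account.

    cert     -- dict from SSLSocket.getpeercert() after a successful handshake
    enrolled -- {(issuer CN, serial number): account}, maintained at card issuance
    Returns None when the card is not enrolled, so the caller can deny access.
    """
    if not cert:
        return None
    issuer_cn = _rdn_value(cert.get("issuer", ()), "commonName")
    serial = cert.get("serialNumber", "").upper()
    return enrolled.get((issuer_cn, serial))

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "Jane Doe"),),),
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example Card Issuing CA"),)),
    "serialNumber": "1A2B3C4D",
    "notAfter": "Jan  9 00:00:00 2030 GMT",
}
# Hypothetical enrollment table: one card certificate per account.
ENROLLED = {("Example Card Issuing CA", "1A2B3C4D"): "jdoe"}

if __name__ == "__main__":
    print(account_for_cert(SAMPLE_PEERCERT, ENROLLED))
```

Keying the lookup on issuer plus serial number means a reissued or replaced card must be enrolled again, which is the bookkeeping a card management system automates.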

