Getting Smart Card credentials on the client side

Posted on 2007-08-07
Last Modified: 2013-11-05
I am a developer on a webapplication sitting on a server using/having/implementing SSL and is behind a reverse proxy.  I am attempting to make it recognize smart card certificates to verifies a user instead of a username/password.  The little tidbit that it is behind a reverse proxy is temporary but presents the problem for now.  The certificates cannot communicate across the reverse proxy to the server.  I don't know why and there's nothing I can do about it,  it's not our server.  That being said, is there any way to pick up the credentials on the client side?  I know very little about this.  I'm imagining not as this would probably present a security problem.  I'm thinking as I write this that the web app must sit on a server that is either getting information from or is the server administering the activeclient setup.
Question by:HyperBPP
    LVL 7

    Expert Comment

    Can the (reverse) proxy understand and pass on certificates? Perhaps it is just not configured to accept anything but username/password as authentication.
    LVL 6

    Author Comment

    No it cannot understand and pass certificates.  I've been this an issue that they've yet to find a solution for.  Was primarily curious about what could be picked up on the client side.

    LVL 7

    Accepted Solution

    Verifying credentials on the client side doesn't help, as the authentication has to be with the server, I presume. You *can* perhaps code your application so that the smart card credentials authentication becomes part of the application rather than the web server infrastructure (depending on what programming api you have with the smart cards). But that is less than ideal.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now