Prompting for client certificates, ASP or AJAX solution needed...

Posted on 2007-10-04
Last Modified: 2012-08-13

Im setting up an area on our website to accept client certificates. I have the setup working, have configured an OCSP module to check the validity of the certificate. The website is running on IIS6.

The issue im trying to get around at the moment is how to prompt for the certificate - currently the only method i know off is to configure IIS to either Accept or Require client certs - and again this works fine. In our website we have a registration page, which allows users to either manually enter their details, or hopefully click on a button that will prompt them to use their client certificate (at which point i will extract information from the certificate and pre-populate the registration form). The only way i can currently achieve this is to have a link from the registration page to page that requires a client certificate - however because its a link the user has then navigated away from the registration page. Ideally what id like to be able to do is to prompt for the certificate from the registration page and then extract the information. I thought this would be possible using either AJAX or MSXML (ASP) however it appears that call requires a client certificate to have been presented before the remote request is made.

Any clever ideas anyone?

Thhanks in advance
Question by:partnershipdev
    LVL 75

    Expert Comment

    by:Michel Plungjan
    Never tried this.

    How about loading an image from a directory that needs certificate?

    Author Comment

    Ho mplungian,

    It could be a possiblity, but how would the registration page return values from the certificate - effectively the image in the secured directory would be the only object with access to the clients certificate (and of course that isnt possible either!)

    Any thoughts?
    LVL 75

    Accepted Solution

    It does not have to be an image.

    <img name="regImage" src="blank.gif" width="1" height="1"
    onLoad="if (this.src.indexOf('blank')==-1) getCertificateStuff()">

    and have

    <a href="#"
    return false">Whatever</a>

    and have the someServerprocess.asp set a cookie and have getCertificateStuff() read that cookie

    Author Comment


    Great solution....with some modifications i got this solution to work perfectly.

    Thanks for your suggestions.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
    International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
    The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
    The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now