If you use SSL with client certificates, there are a number of interesting things you can do with the certificates in your ASP.NET application, e.g.
- do authentication/authorization based on certificate properties
- extract the UPN (if it is a Windows enterprise CA certificate) and use it for Protocol Transition
- encrypt data with the user’s public key
ASP.NET puts a client certificate in the HttpResponse.ClientCertificate property. You can check for availability using the IsPresent property. Another property is called IsValid and as long as your are hosting ASP.NET in IIS, this should be always true (IIS rejects invalid/untrusted client certs).
The returned HttpClientCertificate object is not of great use, but you can use it to turn it into a X509Certificate2 class – which has all the power of the new PKCS implementation in .NET 2.0.
X509Certificate2 cert =
Now you can use the certificate to encrypt some data…
ContentInfo content =
CmsRecipient recipient = new CmsRecipient(cert);
EnvelopedCms env = new EnvelopedCms(content);
…or pull out the subject or UPN:
string subject = Request.ClientCertificate.Subject;
string upn = cert.GetNameInfo(X509NameType.UpnName, false);