Using Client Certificates in ASP.NET

If you use SSL with client certificates, there are a number of interesting things you can do with the certificates in your ASP.NET application, e.g.

  • do authentication/authorization based on certificate properties
  • extract the UPN (if it is a Windows enterprise CA certificate) and use it for Protocol Transition
  • encrypt data with the user’s public key

ASP.NET puts a client certificate in the HttpResponse.ClientCertificate property. You can check for availability using the IsPresent property. Another property is called IsValid and as long as your are hosting ASP.NET in IIS, this should be always true (IIS rejects invalid/untrusted client certs).

The returned HttpClientCertificate object is not of great use, but you can use it to turn it into a X509Certificate2 class – which has all the power of the new PKCS implementation in .NET 2.0.

X509Certificate2 cert =
new X509Certificate2(Request.ClientCertificate.Certificate);

Now you can use the certificate to encrypt some data…

ContentInfo content =

  new ContentInfo(Encoding.UTF8.GetBytes(_txtInput.Text));

CmsRecipient recipient = new CmsRecipient(cert);

EnvelopedCms env = new EnvelopedCms(content);



…or pull out the subject or UPN:

string subject = Request.ClientCertificate.Subject;

string upn = cert.GetNameInfo(X509NameType.UpnName, false);


This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s