Encapsulate the CAPICOM call code into ActiveX -- solve the security issue that IE prompts when JavaScript calls CAPICOM to read the digital certificate information

Source: Internet
Author: User

1. How to Use Capicom to read a digital certificate

I. Using javascript:

<object id="oCAPICOM" codebase="http://download.microsoft.com/download/E/1/8/E18ED994-8005-4377-A7D7-0A8E13025B94/capicom.cab#version=2,0,0,3"classid="clsid:A996E48C-D3DC-4244-89F7-AFA33EC60679"></object>

<Script language = "javascript">
Var CAPICOM_CURRENT_USER_STORE = 2
Var CAPICOM_STORE_OPEN_READ_WRITE = 1

Function auto_run (){
Var CertSubject;
Var CertSerial;
Var oSignerCert;
Var oSelects;
Var oSignerCert;

Var st = new ActiveXObject ("CAPICOM. Store ");
Var Certificate = new ActiveXObject ("CAPICOM. Certificate ");

St. open (CAPICOM_CURRENT_USER_STORE, "my", CAPICOM_STORE_OPEN_READ_WRITE );

If (st. Certificates. Count = 1 ){
OSignerCert = st. Certificates (1 );
}
Else {
OSelects = new ActiveXObject ("CAPICOM. Certificates ");
OSelects = st. Certificates. Select ();
OSignerCert = oSelects (1 );
}

Document. all. text1.value = oSignerCert. Getinfo (6 );
Document. all. text2.value = oSignerCert. SerialNumber;

}

</Script>

Other references: http://www.yyable.com/zll? P = 37

Http://blog.csdn.net/PKI_CA/article/details/2340261
 

Ii. use Cryptography Objects:

See http://msdn.microsoft.com/en-us/library/aa380254 (v = VS.85). aspx

Http://msdn.microsoft.com/en-us/library/ms867087

SDK download: http://www.microsoft.com/download/en/details.aspx? Displaylang = en & id = 25281

Note the MSDN prompt. The original text is as follows:

Requirements

Redistributable

CAPICOM 2.0 or later on Windows Server 2003, Windows XP, Windows 2000 Server with SP3 and later, and Windows 2000 Professional with SP3 and later

DLL

Capicom. dll

2. problems encountered when reading the serial number of a digital certificate

1. Solve the security prompt in the browser:

As stated in the title, when using JS to call Capicom, a security prompt is displayed for IE. The original MSDN text is explained as follows:

ImportantWhen this method is called from a web script, the script needs to access digital certificates on the local computer. if you allow the script to access your digital certificates, the website from which the script is run will also gain access to any personal information stored in the certificates. the first time this method is called from a participating domain, a dialog box is generated in which the user must indicate whether access to the certificates shoshould be allowed. stores opened from a web script automatically force the CAPICOM_STORE_OPEN_EXISTING_ONLY flag.

One solution I have come up with is to write an ActiveX program in C #, and then use a script to call this ActiveX open method to read the information of the digital certificate, in this way, the browser security check is skipped. The actual verification successfully solved the problem of pop-up security prompt for IE.

My ActiveX function is to read the serial number and expiration time of the USB key digital certificate (use the getChainFromStore method in the SDK to obtain the certificate strength, find the specified certificate, and then read the required information ), the code will not be pasted out. (Project Metadata refers to capicom, which is registered using the regsvr32.exe Capicom. dll command if it is not found)

For more information about how to use. NET to develop Activex controls, see my other article (including source code download): ActiveX printing Control Implemented by C #.

Emphasize two points: 1. After selecting "register for com inerop" in the "generate" item of ActiveX project properties, local debugging will automatically register the control (windows7 needs to run the project as an administrator ). You can use oleview. EXE in Microsoft Visual Studio 8 \ common7 \ tools \ bin to check whether the registration is successful (take 2005 as an example ).

2. In the ActiveX Control Project referenced in the Installation File project or its DLL file attributes, the Register must be set to "vsdrpcom ".

2. Solve the problem that ActiveX control developed by C # Or ActiveX with the. ocx extension developed by C ++ cannot be successfully installed in IE. You need to reduce the browser permission or the installation fails.

This is related to IE certificate check. One solution is to create an ActiveX Installation File instead of A. dat package.

C # When developing ActiveX, you only need to pay attention to the attribute settings I mentioned above. Here CAPICOM is used, and you have to write the installation file to register CAPICOM.

For ActiveX controls with the. ocx extension, you need to write a program to automatically register them. The command used is regsvr32.exe/s youfilename. ocx.

The effect achieved by/s here is that the registration success or failure prompt is not displayed.

Use the program to register ActiveX controls with the. ocx extension:

/// <Summary>
/// Copy the file to the system installation path
/// </Summary>
/// <Param name = "FILENAME"> file name </param>
Private void addresourcefile (string filename)
{
Try
{
If (! File. exists (environment. getfolderpath (environment. specialfolder. System) + "\" + filename) // create a file if the file does not exist
{
Assembly ASM = assembly. getexecutingassembly ();

Using (Stream stream = ASM. getmanifestresourcestream ("installactivex." + filename) // the file has been added to the project as an "embedded resource file ".
{
Int len = (int) stream. Length;
Byte [] byts = new byte [len];

Stream. Read (byts, 0, len );
Stream. Close ();

Using (FileStream fs = new FileStream (Environment. GetFolderPath (Environment. SpecialFolder. System) + "\" + fileName, FileMode. Create ))
{
Fs. Write (byts, 0, len );
}
}
}
}
Catch (Exception ex)
{
MessageBox. Show (ex. Message + "in" + ex. StackTrace );
}
}

Class Register
{
/// <Summary>
/// Register the control using regsvr
/// </Summary>
/// <Param name = "strdll"> file name </param>
Public void registerdll (string strdll)
{
Try
{
PROCESS p = new process ();
P. startinfo. filename = "regsvr32.exe ";
P. startinfo. Arguments = "" + strdll;
P. Start ();
P. Close ();
}
Catch (Exception ex)
{
MessageBox. Show (ex. Message + "in" + ex. StackTrace );
}
}
}

Usage:

AddResourceFile ("youfilename. ocx"); // copy the file first

Register r = new Register ();
R. RegisterDll ("/s youfilename. ocx"); // register ocx

To run this program during installation, you can create a new installer class and add the class library to the "Install" folder in "Custom operations.

During the Add process, right-click the Installation File Project and choose View> Custom operations ".

Iii. How to package. Net Framework to the Installation File

Settings:

In the properties of the Installation File Project, click "system essential" settings.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.