Compared with basic authentication, digest authentication for domain servers, integrated Windows authentication, or custom form authentication, client digital certificates are slightly more complex to deploy and manage, but they provide better security and are more flexible to use in applications.
It is very easy to process and recognize client digital certificates in ASP and ASP.NET. The code is as follows:
ASP (VBScript) syntax:
Dim subject
subject = Request.ServerVariables("CERT_SUBJECT")
Or
subject = Request.ClientCertificate("Subject") '-- applicable to certificate subjects without Chinese characters
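ASP.NET (C#) syntax:
string subject = null;
HttpClientCertificate hcc = Request.ClientCertificate;
// Read the subject only when a certificate was presented and it is valid
if (hcc.IsPresent && hcc.IsValid) subject = hcc.Subject;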
The obtained subject string is a comma-separated list of subfields, for example C=CN, O=BOC, CN=Moslem. Split the string to obtain the final CN value (there may be more than one CN). This value is the user's common name, which is generally the user's name or ID.
After obtaining the CN from the digital certificate, you can process it further, for example to authorize the user. In my opinion, one of the most effective ways is to enable digital certificate and form authentication at the same time on the client. You can then perform multi-factor authentication by comparing the CN value with the user name entered in the form.
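The subject splitting and the CN-versus-form comparison described above, as an added C# example that is not part of the original article. The names SubjectCn, GetCommonNames and MatchesFormUser are hypothetical, the sample subjects are constructed, and the quoting and backslash-escaping rules it handles are an assumption about how the subject string is formatted.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Added example; SubjectCn and its methods are hypothetical names.
public static class SubjectCn
{
    // Returns every CN value in a subject such as "C=CN, O=BOC, CN=Moslem".
    // Commas inside double quotes or after a backslash do not end a subfield,
    // so a value like O="BOC, CN=admin" cannot smuggle in an extra CN.
    public static List<string> GetCommonNames(string subject)
    {
        var names = new List<string>();
        var field = new StringBuilder();
        bool quoted = false;
        string s = (subject ?? "") + ",";   // sentinel comma flushes the last subfield
        for (int i = 0; i < s.Length; i++)
        {
            char ch = s[i];
            if (ch == '\\' && i + 1 < s.Length - 1) { field.Append(s[++i]); continue; }
            if (ch == '"') { quoted = !quoted; continue; }
            if (ch != ',' || quoted) { field.Append(ch); continue; }
            string[] kv = field.ToString().Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0].Trim().Equals("CN", StringComparison.OrdinalIgnoreCase))
                names.Add(kv[1].Trim());
            field.Clear();
        }
        return names;   // an unterminated quote leaves its subfield unflushed (fail closed)
    }

    // The form user name must equal one of the certificate's CN values.
    // Case-insensitive matching is an assumption; use Ordinal for exact IDs.
    public static bool MatchesFormUser(string subject, string formUser)
    {
        if (string.IsNullOrWhiteSpace(formUser)) return false;
        foreach (string cn in GetCommonNames(subject))
            if (string.Equals(cn, formUser.Trim(), StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    public static void Main()
    {
        // Constructed subjects: the article's example, then one whose O value embeds ", CN=admin".
        Console.WriteLine(MatchesFormUser("C=CN, O=BOC, CN=Moslem", "moslem"));
        Console.WriteLine(MatchesFormUser("C=CN, O=\"BOC, CN=admin\", CN=Moslem", "admin"));
    }
}
```

In a page handler, pass hcc.Subject and the user name field of the login form to MatchesFormUser before issuing the form authentication ticket.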
ASP.NET provides a dedicated HttpClientCertificate class for processing client digital certificates, which makes handling them in programs more convenient.