Client digital certificates are slightly more complex to deploy and manage than Basic authentication (elementary), Digest authentication for domain servers, integrated Windows authentication, or custom Form authentication, but are more secure and more flexible in application.
It is very easy to process and identify client digital certificates in ASP and ASP.net, the code is as follows:
ASP (VBscript) syntax:
Dim subject
Subject=request.servervariables ("Cert_subject")
Or
Subject=request.clientcertifate ("subject") '--apply to subject without Chinese certificate
Asp. NET (C #) syntax:
String subject;
HttpClientCertificate HCC = request.clientcertificate;
if (HCC). IsValid) = HCC. Subject;
The resulting subject string is a comma-delimited list of child fields. For example, C=cn,o=boc,cn=moslem, and then separating the strings, takes the final CN value (possibly more than one CN), which is the user's Common name, the "General name," which is typically the user's name or ID.
The digital certificate in the CN, you can do further processing, such as the user authorization and so on. I think a more effective approach is to enable the client at the same time digital certificate and form authentication, you can compare the CN and form entered the user name of the match to achieve a multiple factor identity authentication.
In contrast, ASP.net provides a special HttpClientCertificate class for handling client digital certificates, so it is easier to handle them in a program.