Search Search

#1 worldwide
FREE Coding Lessons
since 1996
   THE BEST WAY to learn ASP & Asp.net!
Advertise Here!
click for details 		Credits Host:
DiscountASP.net 		Server Admin:
The "Team" 		Contact Info.
Charles M. Carroll
my Blog
[prev. Lesson]  Authenticate: Cookies by Kevin Flick
     [next Lesson]  Authenticate: Build Your Own by Kevin Flick

Authentication -- Certificate Based
written and ©1998, 99 by Kevin Flick www.flicks.com creator of Authentix

Client certificates are an advanced form of authentication, and at this time they are still very much in their infancy with respect to compatibility and ease of use.

Certificate based authentication is the way to go if :

  • you want a high degree of certainty of the identity of the users accessing your site
  • You accept the need for SSL and don't mind paying the performance penalty.
  • You already have a certificate or you don't mind paying for one and setting it up.

You won't want Certificate based authentication if :

  • The process of issuing a client certificate is too complex and intimidating for both you and your users
  • You do not want the performance hit of having all protected information exchanged via SSL

Definitions

  • SSL = secure socket layer.
  • MMC = Microsoft Management Console.

How to use Certificate based authentication

Since this technology is still maturing, be sure to have the latest version of IIS4 installed on your system.

  • Obtain a certificate from a certificate issuing authority such as Verisign or Thawte. Refer to the IIS documentation on Key Manager.
  • Select a directory you want to protect in the MMC
  • Click on the Secure Communicatations Edit button on the Directory Security property sheet and use the certificate you obtained. Select both Enable Client Certificates and Require Client Certificate
  • Enable client certificates for this resource
  • Issue client certificates for access to this resource.

There are several good references to help understand and use Client Certificate technology. Some articles that are recommended include:

  • "Internet Information Server 4.0 - Security for the Web-Enabled Enterprise" by Nick Evans in the Premier Edition of Security Advisor by Advisor.com publications, and
  • "Web Project, Digital IDs" by Jon Udell in the March Edition of Byte magazine.
  • "Issuing digital certificates with Microsoft Certificate Server" section of the IIS Security White Paper by Microsoft.
There are many worthy charities!!. But perhaps help starving children in Africa or South America AND help Charles too. a $5 tip buys him lunch at McDonalds, a $20 tip buys his kid Hitoshi a new computer game, a $39 tip buys his daughter Michiko a few nice outfits. See our donor list.