2

I have a web site that uses a CAC client certificate, which is functioning like it should.

The problem is, there's a requirement that the site regurgitate a message warning that it's a US Government system (etc.), which has to show up BEFORE the person logs on. Currently, the server won't say anything to you until after you either authenticate or fail to authenticate.

Does anyone know how to put up a message before asking the user for their CAC PIN and attempting to authenticate them?

I've searched the 'net and haven't found a solution to this issue, which surprises me as I'm sure people have needed to do it before... Searching for IIS and login banner gets stuff about how to add banner ads, etc. Every other combination of search terms I tried seemed to lean toward client side CAC configuration.

Any assistance would be GREATLY appreciated!

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
tjobrien21
  • 21
  • 1
  • 1
    I'm having trouble figuring out the problem you're running into. Use a landing page or set the warning you have to regurgitate as the default site page. Provide a link or whatever ("click here to accept", "OK" button, etc.) that leads to the login page, or even separate the two into different IIS sites. (One for the warning, one for the CAC-protected site). No? – HopelessN00b Feb 13 '15 at 22:45

1 Answers1

1

Your CaC authentication request will be executed once the SSL page is requested. The way I would consider implementing this type of behavior would be to have a virtual directory which does not force SSL (DoD PKI) on the log-in button (or link); use non SSL splash screen with the verbiage, then redirect via Jquery/javascript (if allowed) after acknowledgement.

Like this: JSfiddle

Fergus
  • 1,313
  • 9
  • 19