Smart Card Authentication with ASP.NET

Question

What are the steps required to get smart-cards authentication working in ASP.net?

Smart-card reader is installed and works properly on the client's machine
user navigates to Login.aspx page and is prompted to swipe his access card
how do i authenticate the user

thanks.

What's the Make & Model of your smart card reader? Can't even begin to help without this. — Jaimal Chohan, May 08 '12 at 10:01
ACR 122 U from ACS it's a windows plug and play device. i am able to access it from vb.net windows and console applications. — Charles Okwuagwu, May 08 '12 at 10:04

score 6 · Accepted Answer · answered May 11 '12 at 19:51

6

The only way that I know to access a hardware device on a client machine through ASP.Net is by writing an ActiveX control. Doing this will render the site useless to anyone not running Internet Explorer. Based on my experience, you can say that IE is your standard, but there will be people attempting to use other browsers. And that's fine as long as you have the support of your App Admin team to say, "Sorry, use IE or don't use it at all".

answered May 11 '12 at 19:51

TimWagaman

980
1
10
31

2

I've just written an activeX control for this. I will also investigate doing plugins for chrome & fire fox. – Charles Okwuagwu May 12 '12 at 07:08
1

Could you please explain more about the ActiveX you've written? If you're interested, you can start an open source project and people will help to write chrome/firefox/etc. plugins. – Saber Jan 26 '13 at 07:16

score 1 · Answer 2 · answered May 08 '12 at 10:10

Assuming you already know how to access the Smart Card reader's API, and you can successfully read and decode that data, your next step is Authenticating that data.

Again, you haven't given me any information here, so I'll assume that you have a database, against which you will need to validate the data you got from the smart card.

If the above returns true then it's simply a case of calling FormsAuthentication.RedirectFromLoginPage, or if you want a more granular control of the Authentication Cookie, then you can create your own FormsAuthenticationTicket

hi Jaimal, are you saying that i don't need to configure anything special on IIS? Also, how will the asp.net web application access the data from the smart card? that's the main issue — Charles Okwuagwu, May 08 '12 at 10:15

score 0 · Answer 3 · answered May 16 '12 at 11:05

0

If this is a plug and play device and your clients are part of an AD domain then by simply enabling windows authentication allows you to enable smart card authentication without needing to resort to custom ActiveX controls and browser plugins.

A couple of pointers in that direction:

answered May 16 '12 at 11:05

Anastasiosyal

6,494
6
34
40

the clients are not on an AD domain – Charles Okwuagwu May 16 '12 at 15:06

Smart Card Authentication with ASP.NET

3 Answers3