0

I have a service-oriented webapp that uses IIS 8.5 and client certificate authentication via smartcard. The statically served front-end calls multiple services via AJAX. The smartcards with the certificates are protected with a PIN. When using Chrome, Firefox, etc. the PIN prompt appears once and is seemingly cached for subsequent use.

However, we need to embed the webapp inside a Windows 10 .NET desktop application using cefsharp. The webapp works, but the user is requested to enter their PIN constantly, once per service is seems, and then shortly after some timeout again, for (I think) each service.

I don't know where to begin to know if it's possible to implement caching with cefsharp. From what I read this data should have been cached by Windows, but it doesn't look like this is the case or the embedded chromium is confusing the caching strategy.

Is smartcard PIN caching something that can be done with cefsharp (or IIS, or even the client's Windows machine if we must)?

Nick
  • 4,901
  • 40
  • 61
  • Better to ask on https://magpcss.org/ceforum/index.php likely changes would need to be made in `CEF`. – amaitland Feb 12 '20 at 02:55
  • Look at [this answer](https://stackoverflow.com/a/9263726/1435475) to a similar question for pitfalls. – guidot Feb 12 '20 at 13:22

1 Answers1

1

With Gemalto, you need to change the sleep time for the smartcard (registry action for EACH CLIENT):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\calais
“CardDisconnectPowerDownDelay”= dword:xxh Type: REG_DWORD Value: xx is the delay period in seconds.

In our case we have set this to 180 seconds, and works fine for us (75000 cards deployed)

Daniel Szabo
  • 11
  • 1