0

I have an ASP.NET webpage that reads a user's CAC card. When publishing to a test server, it works fine; however, in my local development environment with IIS Express I get empty strings when using Request.ServerVariables("CERT_SUBJECT"). I AM able to retrieve the "LOGON_USER" variable, but the "CERT_*" are all empty strings.

Currently my project settings contain

Anonymous Authentication = false
Windows Authentication = true
SSL Enabled = true   // Created the default IIS express cert.  Have also tried false with no luck

In addition, I have also attempted to modify the applicationhost.config like so

<security>

    <access sslFlags="SslRequireCert"> <!-- originally none -->

</security>

<authentication>

    <anonymousAuthentication enabled="false" userName="" /> <!--originally true-->

    <basicAuthentication enabled="false" />

    <clientCertificateMappingAuthentication enabled="false" />

    <digestAuthentication enabled="false" />

    <iisClientCertificateMappingAuthentication enabled="true"> <!--originally false-->
    </iisClientCertificateMappingAuthentication>

    <windowsAuthentication enabled="true"> <!--originally false-->
        <providers>
            <add value="Negotiate" />
            <add value="NTLM" />
        </providers>
    </windowsAuthentication>

</authentication>

Any thoughts on further configurations I need to make to allow my development environment to see these variables during debugging? Thanks.

Carlos Mendieta
  • 860
  • 16
  • 41

1 Answers1

0

The following settings turned out to be correct. The project properties should be set to

Anonymous Authentication = false
Windows Authentication = true
SSL Enabled = true

and the applicationhost.config like so

<access sslFlags="Ssl,SslNegotiateCert,SslRequireCert"> <!-- originally none -->

<anonymousAuthentication enabled="false" userName="" /> <!--originally true-->

<basicAuthentication enabled="false" />

<clientCertificateMappingAuthentication enabled="false" />

<digestAuthentication enabled="false" />

<iisClientCertificateMappingAuthentication enabled="true"> <!--originally false-->
</iisClientCertificateMappingAuthentication>

<windowsAuthentication enabled="true"> <!--originally false-->
    <providers>
        <add value="Negotiate" />
        <add value="NTLM" />
    </providers>
</windowsAuthentication>

In addition, in the project settings under the web tab, click the Create Virtual Directory button.

Finally, look at the project properties. There is a setting called Ssl URL. Copy that. When debugging, unless you have your project to start up in SSL mode it will start up with a regular http address and render an access forbidden error. Paste the Ssl URL in the browser and hit enter. The page will now prompt you for your CAC password and you'll be able to view the CERT server variables using Request.ServerVariables.

Carlos Mendieta
  • 860
  • 16
  • 41