session on IIS?

Asked Oct 27 '11 at 16:47

Active Jan 17 '12 at 20:18

Viewed 1,277 times

I'm trying to find out if there is some sort of API or control from IIS to allow me to somehow control the SSL session like for instance close the session, or ask for re-authentication.

Bottom line i'm asking if someone know a way to manage SSL connection from C# to IIS 7, simillar to what Tomcat 7 have:

// Invalidate the SSL Session

org.apache.tomcat.util.net.SSLSessionManager mgr =
    (org.apache.tomcat.util.net.SSLSessionManager)
        request.getAttribute("javax.servlet.request.ssl_session_mgr");
mgr.invalidateSession();

With this code it's possible to shutdown the SSL connection preventing connections re-use. I've noticed that simple close http session is not enought.

Does someone know how can i do something here?

edited Jan 17 '12 at 20:18

Bruno

119,590
31
270
376

asked Oct 27 '11 at 16:47

Tomax

Btw, if there is someone interested in knowing, the firefox behave is fine with this tomcat solution, but the InternetExplorer and chrome do not behave that well. I haven't manage to understand why, but i suspect that's something to do with windows CAPI (crypto API). – Tomax Mar 01 '12 at 18:45

Is it possible to close/manage a SSL connection/session on IIS?

0 Answers0

Linked