iis security: Is there a way to determine if the certificate had a pin/password entered
prior to submitting it to a site? That is, can I tell from the server side
if the certificate is from a smart card with a pin or a soft certificate
with a password?

Thanks,
Mark

[quoted text, click to view]

Without running some code on the client - in a nutshell - no. IIS only sees
what's sent in the HTTP header.

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

Hi Mark,

Just as Ken stated, at IIS server side we can only ensure the following two
points of a client certificate:

1. The client certificate is valid and has a corresponding private key for
authentication.

2. Create a Certificate Trust List(CTL) to verify if the client certificate
is issued by a Certification Authority(CA) which is recognized and trusted.
If not, deny the client access.

There is indeed no standard approach at web server side to determine if a
client certificate is from smartcard or requires password.

Please update here if you have more concern on this issue.

Thanks and have a nice weekend.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.