数字签名在ASP.Net使用客户端证书 [英] Digitally sign using client certificate in ASP.Net
问题描述
我想数字签名使用私钥信息。我知道如何与.net桌面客户端应用程序做到这一点,但我不知道如何做到这一点在ASP.Net。它将使用IE8内部网中使用。如果通过ASP.Net完成,我猜测,当在其证书passowrd用户键入要站点时(HTTPS,2路,SSL),但我不知道的私有密钥不传送到服务器。如果没有办法访问服务器上的客户端的私钥,那么我怎么才能登录浏览器的东西吗?我可以使用JavaScript?
I am trying to digitally sign information with a private key. I know how to do this on in a desktop client application with .Net, but am not sure how to do it in ASP.Net. It would be used on an intranet using IE8. If it is done via ASP.Net, I am guessing that the private key is not sent to the server when the user types in their certificate passowrd when going to the site (https, 2-way SSL), but am not sure. If there is no way to access the client private key on the server, then how can I sign something in the browser? Can I use javascript?
编辑:我想这将是有益的第一个知道的是,如果这可以在服务器上完成或者它必须在客户端完成
I guess what would be helpful to know first is if this can be done on the server or does it have to be done on the client?
推荐答案
客户证书的私钥不被发送到服务器。
The private key of the client-cert is NOT transmitted to the server.
如果你真的想/需要签署与客户端证书的东西,那么你需要一个客户端组件......据我所知,这是不可能的JavaScript ...有解决方案在那里使用Flash,Silverlight,Java小程序的做你的要求ASP.NET页面的一部分...
IF you really want/need to sign something with client-cert THEN you need a client-side component... AFAIK this is not possible with javascript... there are solutions out there using Flash, Silverlight, Java Applets as part of the ASP.NET page for doing what you ask...
使其能够做到这一点纯粹的服务器端是的破坏的安全的(关于客户证书),恕我直言,一个明确的信号。
Making it possible to do this purely on the server-side is a sure sign for broken security (regarding the client-cert) IMHO.
这篇关于数字签名在ASP.Net使用客户端证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
