please dont rip this site

ClientCertificate

The ClientCertificate collection retrieves the certification fields (specified in the X.509 standard) from the request issued by the Web browser.

If a Web browser uses the SSL3.0/PCT1 protocol (in other words, it uses a URL starting with “https://” instead of “http://”) to connect to a server and the server requests certification, the browser sends the certification fields.

If no certificate is sent, the ClientCertificate collection returns EMPTY.

Before you can use the ClientCertificate collection, you must configure your Web server to request client certificates. For more information see Using Client Certificates in the Active Server Pages Scripting Guide.

Syntax

Request.ClientCertificate( Key[SubField] )

Parameters

Key

Specifies the name of the certification field to retrieve. A client certificate consists of the following fields.

Value

Meaning

Subject

A string that contains a list of subfield values that themselves contain information about the subject of the certificate. If this value is specified without a SubField, the ClientCertificate collection returns a comma-separated list of subfields. For example: “C=US, O=Msft, …”.

Issuer

A string that contains a list of subfield values containing information about the issuer of the certificate. If this value is specified without a SubField, the ClientCertificate collection returns a comma-separated list of subfields. For example: “C=US, O=Verisign, …”.

ValidFrom

A date specifying when the certificate becomes valid. This date follows VBScript format and varies with international settings. For example: in the U.S.: 9/26/96 11:59:59 PM.

ValidUntil

A date specifying when the certificate expires.

SerialNumber

A string that contains the certification serial number as an ASCII representation of hexidecimal bytes separated by hyphens (-). For example: “04-67-F3-02”.

Certificate

A string containing the binary stream of the entire certificate content in ASN.1 format.

Flags

A set of Flags that provide additional client certificate information. The following flags may be set:

ceCertPresent - A client certificate is present.

ceUnrecognizedIssuer - The last certification in this chain is from an unknown issuer.

Note To use the preceding flags you must include the client-certificate include file in your ASP page. If you are using VBScript, include Cervbs.inc. If you are using JScript, include Cerjavas.inc. These files are installed in the \Inetpub\ASPSamp\Samples directory.

SubField

An optional parameter you can use to a retrieve an individual field in either the “Subject” or “Issuer” keys. This parameter is added to the Key parameter as a suffix. For example: “IssuerO” or “SubjectCN”. The following table lists some common SubField values.

Value

Meaning

C

Specifies the name of the country of origin.

O

Specifies the company or organization name.

OU

Specifies the name of the organizational unit.

CN

Specifies the common name of the user. (This subfield is used with the “Subject” key.)

L

Specifies a locality.

S

Specifies a state or province.

T

Specifies the title of the person or organization.

GN

Specifies a given name.

I

Specifies a set of initials.

SubField values other than those listed in the preceding table can be identified by their ASN.1 identifier. The format of the ASN.1 identifier is a list of numbers separated by a period (.). For example: “3.56.7886.34”.

Remarks

You can use an iterator to loop through the keys of the ClientCertificate collection. This is demonstrated in the following example.

<%
For Each key in Request.ClientCertificate
   Response.Write( key & ": " & Request.ClientCertificate(key) & "<BR>")
Next
%>
 

Examples

The following example uses the Subject key to test whether a client certificate has been presented.

<%
If Len(Request.ClientCertificate("Subject")) = 0
    Response.Write("No client certificate was presented")
End if
%>
 

The following example retrieves the common name of the company that issued the client certificate.

<%= Request.ClientCertificate("IssuerCN") %>
 

The following example checks the organization name of the subject of the client certification.

<% 
If (Request.ClientCertificate("SubjectO")="Msft")
   Response.Write("Good Choice!")
End if
%>
 

The following example displays the expiration date of the client certificate.

This certification will expire on 
<%= Request.ClientCertificate("ValidUntil") %>
 

The following example uses the Flags key to test whether the issuer of the certificate is known. The include statement in the first line enables this script to use the named flag ceUnrecognizedIssuer.

<!--#include file="cervbs.inc" -->
<%
   if Request.ClientCertificate("Flags") and ceUnrecognizedIssuer then
      Response.Write "Unrecognized issuer"
   end if 
%>
 

Applies To

Request Object

See Also

Cookies, Form, QueryString, ServerVariables


© Microsoft Corporation. All rights reserved.


file: /Techref/language/asp/OBJ/introbj_7.htm, 8KB, , updated: 1996/11/21 18:01, local time: 2024/11/5 19:18,
TOP NEW HELP FIND: 
3.139.105.231:LOG IN
©2024 PLEASE DON'T RIP! THIS SITE CLOSES OCT 28, 2024 SO LONG AND THANKS FOR ALL THE FISH!

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF="http://linistepper.com/Techref/language/asp/OBJ/introbj_7.htm"> ClientCertificate</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.


Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?