 | ||
|
| ||
| ||
|
| ||
December 1996
A Web site visitor using a browser that supports either the Secure Sockets Layer (SSL) 3.0 protocol or the Private Communications Technology (PCT1) protocol can send a client certificate to prove his or her identity. A client certificate is an encrypted number that is stored in a file on the user’s computer. The browser sends the number along with a request for an ASP page. Client certificates provide a way to secure access to a Web site; they are available from a number of certification authorities.
Note: You cannot use client certificates with Personal Web Server on Windows 95.
As an ASP application developer, you can write scripts to confirm the presence of a certificate and read certificate fields. For example, you can access the user name or company name fields from the certificate. Active Server Pages stores certificate information in the ClientCertificate collection of the Request object. For more information, see Object Reference.
Your Web server must be configured to request a client certificate; otherwise the ClientCertificate collection will be empty. By default, Internet Information Server and Peer Web Services do not request certificates. You can set up your Web server to request certificates for one or more virtual directories.
To configure your server to request a certificate:
For Internet Explorer version 3.0 and later, requesting a certificate is the same as requiring a certificate because the user cannot continue if no certificate is provided.
You can use client certificates alone or together with certificates installed on your Web server that authenticate your Web site to browsers. For more information on installing server certificates, see "Securing Your Site Against Intruders" in your Web server’s Installation and Administration Guide.
Did you find this material useful? Gripes? Compliments? Suggestions for other articles? Write us!
© 1999 Microsoft Corporation. All rights reserved. Terms of use.
Next page
Back to top