In the previous section, we saw how to set up the server so that it would request a client certificate to be supplied by visitors. Active Server Pages code can help us to interrogate the contents of these client certificates, and act upon them accordingly. This might include additional verification, or personalization of page content.
We looked briefly at the Request object's ClientCertificate collection back in Chapter 3, without really letting on where the information in it actually came from. Well, now you know. The ClientCertificate collection contains the contents of the personal digital certificate that is released by the user.
The Key parameter to the collection is the name of the certificate field to retrieve. A list of all possible values for the client certificate we created is shown in the example, and the corresponding screen dump given below. The following code simply iterates through the ClientCertificate collection, placing the contents into the page:
<HTML>
<HEAD>
</HEAD>
<BODY>
SECURED DOCUMENT<br><br>
<H3>Client certificate</H3>
<% For Each key In Request.ClientCertificate
  ' Certificate fields come from the client, so HTML-encode them before output
  Response.Write(key & " = " & _
    Server.HTMLEncode(Request.ClientCertificate(key)) & "<BR>")
Next %>
</BODY>
</HTML>
When we access the page from the browser where we installed the VeriSign client certificate earlier, the fields of that certificate are listed in the page. Notice that the URL in the Address box specifies a secure communications link using https rather than http.
We can also inspect the Web server's certificate credentials while we have the page displayed. This is done by right-clicking on the Web page, selecting the Properties option, and opening the Certificates tab.
A list of the main key values for this collection is given in Chapter 3. Recapping, the most interesting ones include:
SUBJECT | A comma-separated list of fields within the certificate |
SUBJECTCN | The Common Name (i.e. user's name) |
SUBJECTOU | The Organization Unit (i.e. certificate authority) |
VALIDUNTIL | The expiry date of the certificate |
VALIDFROM | The start date of the certificate |
So we could welcome someone to our site using the following code:
<HTML>
<BODY>
Hello <%= Server.HTMLEncode(Request.ClientCertificate("SubjectCN")) %>,
Welcome to our site <P>
</BODY>
</HTML>
If the browser does not present a certificate, all the members of the collection are Empty. The usual way to test for the presence of a certificate, as we saw in Chapter 3, is to check for a Subject. If all the collection fields are empty, we get an empty string:
<% If Len(Request.ClientCertificate("Subject")) = 0 Then %>
You did not present a client certificate.
<% End If %>
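The presence test above can be combined with the "additional verification" mentioned at the start of this section. The page below is an added example, not code from the book: the function name CertProblem and the 403 response are assumptions made for illustration, and the two flag constants carry the values defined in the cervbs.inc include file that ships with IIS.

```asp
<%@ Language=VBScript %>
<%
Option Explicit

' Flag bits of ClientCertificate("Flags"), values as defined in cervbs.inc
Const ceCertPresent = 1
Const ceUnrecognizedIssuer = 2

' Hypothetical helper: returns "" when the certificate passes every check,
' otherwise a short reason for refusing the request.
Function CertProblem()
    Dim flags, validFrom, validUntil
    CertProblem = ""

    ' 1. Was a certificate presented at all? (the Subject test from the text)
    If Len(Request.ClientCertificate("Subject")) = 0 Then
        CertProblem = "no client certificate presented"
        Exit Function
    End If

    ' 2. Did the server recognize the issuer of the certificate?
    flags = Request.ClientCertificate("Flags")
    If (flags And ceUnrecognizedIssuer) <> 0 Then
        CertProblem = "certificate issuer is not recognized"
        Exit Function
    End If

    ' 3. Is the current time inside the ValidFrom..ValidUntil window?
    validFrom = Request.ClientCertificate("ValidFrom")
    validUntil = Request.ClientCertificate("ValidUntil")
    If Now() < validFrom Or Now() > validUntil Then
        CertProblem = "certificate is outside its validity period"
    End If
End Function

Dim problem
problem = CertProblem()
If problem <> "" Then
    ' Refuse before any page content has been written
    Response.Status = "403 Forbidden"
    Response.Write "Access denied: " & Server.HTMLEncode(problem)
    Response.End
End If
%>
<HTML>
<BODY>
Hello <%= Server.HTMLEncode(Request.ClientCertificate("SubjectCN")) %>,
Welcome to our site <P>
</BODY>
</HTML>
```

SubjectCN is used here only as a display value. Where the page has to decide who the visitor is, a lookup keyed on fields such as Issuer and SerialNumber is less ambiguous than the common name.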