Mutual SSL Authentication

I am trying to set up access to Live Contacts using mutual SSL authentication as I don't want to have to store the domainauthtoken for each user. I have installed a valid certificate on my site but I'm unsure of the steps I need to take to configure IIS and the code I need to associate the certificate with the request. Can anyone on the dev team help please? The documentation on MSDN doesn't explain how to set it up.

Thanks

Richard

[462 byte] By [RichieBoy] at [2008-2-22]
# 1

Hello, Richard:

I am assuming you are using the .NET platform. In order to send a client certificate you must first add the certificate and the corresponding private key to a certificate store on the client computer. You can then use the .NET framework to open the certificate store, read the certificate and attach it to an HTTPS request to our servers.

Here is some code (untested) that can read a certificate from a store:

Code Snippet

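    using System;
    using System.Security.Cryptography.X509Certificates;

    // Looks up a certificate by thumbprint in the given store.
    // Returns true and sets targetCert when a match is found.
    public static bool GetCertFromStore(string certStoreName, StoreLocation storeLocation,
        OpenFlags openFlags, string certThumbprint, out X509Certificate2 targetCert)
    {
        targetCert = null;
        X509Store store = null;
        try
        {
            store = new X509Store(certStoreName, storeLocation);
            store.Open(openFlags);
            // Thumbprints are hex strings, so compare them case-insensitively.
            foreach (X509Certificate2 cert in store.Certificates)
                if (0 == string.Compare(certThumbprint, cert.Thumbprint, true))
                {
                    targetCert = cert;
                    break;
                }
        }
        catch (Exception ex)
        {
            /* log it */
        }
        finally
        {
            // Always release the store handle, even when the lookup fails.
            if (null != store)
                store.Close();
        }
        return null != targetCert;
    }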

Adding a certificate to an HTTPS request is as simple as:

Code Snippet

((HttpWebRequest)request).ClientCertificates.Add(certificate);

Having said all this, due to a problem in http.sys/schannel.dll in Win2003 (the OS we deploy our software on), mutual TLS may or may not work for you (it depends on which certification authorities you are using). We are working actively with the OS people to resolve the issue and we hope that we will have it resolved in our next release.

Bill

BillZissimopoulos(MSFT) at 2007-10-11
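
The steps in the reply above (read the certificate from a store, then attach it to the HTTPS request), as an added example that is not part of the original reply or of Microsoft's code. It also checks the failure modes that make a client certificate unusable; the class name, the `LoadClientCert` helper, the thumbprint and the URL are constructed placeholders, and the code assumes the .NET Framework `HttpWebRequest` API used in the thread.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

static class ClientCertExample
{
    // Returns a certificate usable for TLS client authentication, or null plus a reason.
    static X509Certificate2 LoadClientCert(string thumbprint, StoreLocation location, out string reason)
    {
        // Thumbprints pasted from the certificate UI often carry spaces or an
        // invisible leading character; keep only the hex digits.
        string wanted = Regex.Replace(thumbprint ?? "", "[^0-9A-Fa-f]", "").ToUpperInvariant();
        X509Store store = new X509Store(StoreName.My, location);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly: false, so expiry and missing-key cases are reported separately.
            X509Certificate2Collection hits =
                store.Certificates.Find(X509FindType.FindByThumbprint, wanted, false);
            if (hits.Count == 0) { reason = "no certificate with that thumbprint"; return null; }
            X509Certificate2 cert = hits[0];
            // Without the private key the client cannot prove possession in the handshake.
            if (!cert.HasPrivateKey) { reason = "certificate has no private key in this store"; return null; }
            DateTime now = DateTime.Now; // NotBefore/NotAfter are expressed in local time
            if (now < cert.NotBefore || now > cert.NotAfter) { reason = "certificate is outside its validity period"; return null; }
            reason = null;
            return cert;
        }
        finally { store.Close(); }
    }

    static void Main(string[] args)
    {
        // Constructed placeholders: pass the real thumbprint and endpoint as arguments.
        string thumbprint = args.Length > 0 ? args[0] : "00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33";
        string url = args.Length > 1 ? args[1] : "https://service.example.invalid/";
        string reason;
        X509Certificate2 cert = LoadClientCert(thumbprint, StoreLocation.CurrentUser, out reason);
        if (cert == null) { Console.Error.WriteLine("Client certificate unusable: " + reason); return; }
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.ClientCertificates.Add(cert);
        // request.GetResponse() would now offer the certificate during the TLS handshake.
        Console.WriteLine("Attached " + cert.Subject + " to request for " + request.RequestUri);
    }
}
```

When this runs under an IIS application pool identity, that account also needs read access to the private key, which `HasPrivateKey` does not verify.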
