Using Visual Studio 2022 and IIS Express to write and modify a lot of code that requests a user to select a certificate. Using IIS Express works perfectly, but when I run the site from within IIS Manager the website does not prompt for the certificate. I currently have Forms and Anonymous authentication enabled. I can turn on "Require SSL" in the SSL settings, but this has nothing to do with my code and will not populate the box on the web form that will hold the selected certificate.

Any ideas on getting this to work with the local IIS?

Code that prompts for the certificate:
C#
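using System;
using System.Security.Cryptography.X509Certificates; // X509Certificate2UI also needs a reference to System.Security.dll

public static X509Certificate2 GetClientCertificate()
{
    IntPtr ptr = IntPtr.Zero; // no parent window handle for the selection dialog
    X509Certificate2 certificate = null;

    // Opens the personal store of the account this code runs under.
    var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    try
    {
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

        if (store.Certificates != null && store.Certificates.Count > 0)
        {
            if (store.Certificates.Count == 1)
            {
                // Only one certificate in the store: use it without prompting.
                certificate = store.Certificates[0];
            }
            else
            {
                // Shows a selection dialog on the machine where this code executes.
                var certificates = X509Certificate2UI.SelectFromCollection(store.Certificates, "Digital Certificates", "Select a certificate from the following list:", X509SelectionFlag.SingleSelection, ptr);

                if (certificates != null && certificates.Count > 0)
                    certificate = certificates[0];
            }
        }
    }
    finally
    {
        store.Close();
    }

    return certificate;
}
    } // closes the enclosing class (not shown in the post)
} // closes the enclosing namespace (not shown in the post)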


The result of this certificate selection is hashed and stored in a dropdownlistbox until it is stored in a SQL database.

What I have tried:

I have made various setting changes within IIS Manager but they do not produce the desired result. Not sure if there is something I should change within the IIS Manager "Session State" (mode settings or cookie settings) or some other settings. I have looked in the IIS logs and see aspxautodetectcookiesupport lines, but I don't see any "crumbs" that would point to any specific thing I can test.

Of course, if I could capture the certificate request that IIS makes when enabling the "Require SSL" setting in IIS then I could use that instead of the code above, but not sure how to capture that certificate request.
Updated 17-Feb-22 5:36am

1 solution

Your code is running on the server. You are displaying a prompt on the server, where nobody will ever see it, to select a certificate from the server's local certificate store.

It might appear to work when you debug it in IIS Express. But that's only because, in that specific case, the server and client are the same machine.

When you deploy to IIS, in the best case scenario your code will fail with an exception telling you that you cannot display UI from a non-interactive session. In the worst case, the UI will pop up on the server, and your code will hang waiting for an administrator to log in to your server and acknowledge the hundreds of "select a cert" requests you've flooded the system with.

You can configure your site to use client certificate authentication. But you cannot run C# code on the client, and you cannot access the user's certificate store from JavaScript.
 
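The server-side counterpart to the answer above, as an added example that is not part of the original question or answer: once the site's SSL Settings in IIS have client certificates set to Accept or Require, the browser shows the selection prompt itself during the TLS handshake and ASP.NET exposes the result on the request. The class and method names here are hypothetical, and the SHA-256 fingerprint is one assumed way to produce the hash the question mentions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Web;

// Hypothetical helper; the class and method names are not from the original post.
public static class ClientCertificateReader
{
    // Returns the certificate the browser presented during the TLS handshake,
    // or null when none was sent or it is not reported as valid.
    public static X509Certificate2 GetClientCertificate(HttpRequest request)
    {
        if (request == null) throw new ArgumentNullException(nameof(request));

        // Client certificates are only negotiated over HTTPS.
        if (!request.IsSecureConnection) return null;

        HttpClientCertificate presented = request.ClientCertificate;
        if (presented == null || !presented.IsPresent) return null;

        // IsValid is the validity flag ASP.NET reports for the presented certificate.
        if (!presented.IsValid) return null;

        // Certificate holds the encoded public certificate only; the private key
        // never leaves the user's machine.
        var certificate = new X509Certificate2(presented.Certificate);

        // Reject certificates outside their validity period (both values are local time).
        DateTime now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter) return null;

        return certificate;
    }

    // SHA-256 over the encoded certificate, as a hex string that can be stored in SQL.
    public static string GetSha256Fingerprint(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException(nameof(certificate));
        using (var sha256 = SHA256.Create())
        {
            byte[] digest = sha256.ComputeHash(certificate.RawData);
            return BitConverter.ToString(digest).Replace("-", string.Empty);
        }
    }
}
```

In a Web Forms code-behind this would be called as `ClientCertificateReader.GetClientCertificate(Request)`; a null result means the page should treat the user as not having presented a usable certificate.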
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


