use same client certificate in two frame

am 23.05.2007 16:38:03 von ginnone

Let's suppose we're trying to access this page:
https://www.test.com/index.aspx
The user has to select a Valid Client Certificate (IIS option is
"Require Client Certificate").
Everything is fine.
The page contains one link to "index2.aspx", which consists of two
frames.
One frame's src is "index3.aspx", and the other is "https://
www.newtest.com/newindex.aspx", which means two different DNS, both
SSL secured, and both with the IIS option "Require Client
Certificate".
While loading "index2.aspx", the user can view the frame with
"index3.aspx", as it is in the same path of "index.aspx", for which
the user has already chosen his Certificate.
The problem is that to view the frame with "newindex.aspx", the user
is asked again to choose a certificate, as this page is in a different
path with a different DNS.
Is there a way to avoid the Browser to display the Certificate Dialog
for two times? Some IIS option, or maybe a programmatic way to pass
the certificate from one frame to another?

Re: use same client certificate in two frame

am 23.05.2007 22:56:15 von David Wang

What you are asking is not possible with standard HTTP browser/server
and actually has nothing to do with IIS.

I think you have a misunderstanding of how HTTP browser/server work.

The server actually has no idea of the "frames" that you are talking
about. The browser also has no idea that choice of client certificate
for URL1 should also apply for URL2. And you have no programmatic/
configuration control over any of it. Standard security protocols do
not work like that. Custom Authentication protocols may work like
that, but it is not secure.

For example, you may be thinking that the server tell the client "hey,
you trusted URL1 with this certificate, so do the same thing with URL2
and don't pop up the user dialog", but that logic is not secure. Why
should the client trust what the server tells it to do, especially
without user consent? If things worked like that, then the server
would also be able to ask the client to send over all its passwords
without user consent -- it's the same sort of action.

I suspect you are trying to stitch together a seamless user experience
with single sign-on/authorization, but security realities prevent that
from ever happening. Generic browsers/servers simply do not support
the notions you want.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

On May 23, 7:38 am, ginn...@gmail.com wrote:
> Let's suppose we're trying to access this page:https://www.test.com/index.aspx
> The user has to select a Valid Client Certificate (IIS option is
> "Require Client Certificate").
> Everything is fine.
> The page contains one link to "index2.aspx", which consists of two
> frames.
> One frame's src is "index3.aspx", and the other is "https://www.newtest.com/newindex.aspx", which means two different DNS, both
> SSL secured, and both with the IIS option "Require Client
> Certificate".
> While loading "index2.aspx", the user can view the frame with
> "index3.aspx", as it is in the same path of "index.aspx", for which
> the user has already chosen his Certificate.
> The problem is that to view the frame with "newindex.aspx", the user
> is asked again to choose a certificate, as this page is in a different
> path with a different DNS.
> Is there a way to avoid the Browser to display the Certificate Dialog
> for two times? Some IIS option, or maybe a programmatic way to pass
> the certificate from one frame to another?

Re: use same client certificate in two frame

am 23.05.2007 23:18:44 von David Wang

Re: use same client certificate in two frame

am 23.05.2007 23:19:15 von David Wang

Re: use same client certificate in two frame

am 23.05.2007 23:19:40 von David Wang