配置“卡西尼号” (ASP.NET 开发服务器)用于 CAC 卡的测试 - 如何?

发布于 2024-07-11 11:51:30 字数 587 浏览 12 评论 0原文

我正在开发一个新网站(ASP.Net、VB 代码隐藏页面、.Net 3.5)来替换“经典 ASP”网站。

一些页面是“公共”的,其余页面需要身份验证 - 在这种情况下,这是通过键盘读取国防部颁发的 CAC 卡来完成的。

现在,对于“生产”,他们配置 IIS,以便在访问某个目录(在本例中为 /secure)时执行身份验证质询(读取卡并请求 PIN),以便该树中的所有页面都受到保护。

我现在需要查看卡片上的一些信息 - 但是当我“F5”我正在开发的网站时,所有 Request.Clientcertificate 内容都是空的 - 没有发生“挑战” Cassini ASP.Net 开发服务器。

我看到“配置 IIS 以将 SSL 放在目标目录上”的引用 - 但我没有在这台开发 PC 上运行 IIS(很快就会遇到这种情况的其他开发人员也不是)。 当站点最终复制到生产中时,网络支持人员将执行此操作,但我现在需要测试某些安全功能。

如何配置VS2008附带的服务器来读取CAC卡并“加载”我需要查询的服务器/会话变量? 或者,我可以在 .aspx 或 .aspx.vb 页面本身中放入一些可以模拟或触发安全挑战的内容吗?

提前致谢。

I'm developing a new website (ASP.Net, VB codebehind pages, .Net 3.5) to replace a "Classic ASP" site.

Some of the pages are 'public' and the rest require authentication - in this case it's done by reading DoD-issued CAC cards through the keyboard.

Now, for 'production', they configure IIS so that it does the authentication challenge (reading the card and requesting a PIN) when it hits a certain directory (/secure in this case) so that all pages in that tree are secured.

I'm coming ot the point where I need to see some of the information fomr the card - but when I "F5" the website I'm developing, all the Request.Clientcertificate stuff is empty - there's no 'challenge' happening with the Cassini ASP.Net development server.

I see references to "configure IIS to put SSL on the target directory" - but I'm not running IIS on this development PC (nor is the other developer who's going to run into this shortly). The network support people will be doing this when the site is eventually copied into production but I need to test certain security features now.

How can I configure the server that came with VS2008 to read the CAC card and 'load up' the server/session variables that I need to query? Alternatively, is there anything I can put into the .aspx or .aspx.vb pages themselves that can simulate or trigger the security challenge?

Thanks in advance.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

箹锭⒈辈孓 2024-07-18 11:51:30

简短的回答。 卡西尼号不支持这种安全性。

Short answer. Cassini doesn't support that kind of security.

初吻给了烟 2024-07-18 11:51:30

我希望你现在找到了解决方案......但为了以防万一,我会告诉你我做了类似的开发,并且遇到了同样的问题。 我发现的唯一“解决方案”是简单地将网站/网页发布到配置有 IIS 的服务器,要求客户端证书等...

当然,这确实会阻止您使用 Visual Studio 中的“调试”功能,但有始终是将调试语句注入代码的方法[例如:response.write(),如果需要,后跟response.end()]...我还构建了一个页面我用于枚举 request.clientcertificate() 中可用的所有字符串,甚至后来将其扩展为运行提供的正则表达式来搜索整个证书...

希望这些想法有用!

I would hope you found a solution to this by now... but just in case, I will tell you that I do similar development and I ran into the same problem. The only "solution" I found was to simply publish the website/webpage to a server with IIS configured to require client certificates, etc...

Of course, this does prevent you from using the "debug" feature in Visual Studio, but there is always the method of injecting debug statements into code [e.g.: response.write() followed by response.end() if necessary]... I also built a page I used for enumerating all the strings available from request.clientcertificate(), and even later expanded it to run a provided regex for searching the entire certificate...

Hope those ideas prove useful!

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文