Hi everyone!

I need to discover the technology that was used in the web site below to implement the digital certificate login:

:confused:

https://www.fazenda.sp.gov.br/DEC/UCLogin/login.aspx

(on the site, click the digital certificate image then the site authenticates you using your plugged in smart card or cipher token)

I presume it is not CAPICOM, since I don't have it installed and I were able to try the login...

Could anyone, please give me a clue? Basically, it is web application that access the digital certificate store... Anyone knows how to do it?


Thanxs in advance!
:o

Hi,

I can't understand the site but I think I get what your looking for. I don't know of out of the box solution but then I've not googled it. I asume your planning to build it yourself then?

Not sure what type of device your cipher toekn is but bellow is a link to integrating a smart card to your program.

http://www.codeproject.com/KB/smart/smartcardapi.aspx

I guess they encrypt a file on your device when you register, then decrypt and read that file to validate you when you click the image.

regards

Ribs

Thanks for the answer Ribeyed!

Since you pointed this API, I've read about it and i think it seems to work for a lower level solution... Maybe there is a solution that uses this API to deliver more abstract functions, the ones that I need... (sorry for the bad english :D)

Let me explain better..

I'm using this code inside a console application to read my digital certificate (smart card)

public static X509Certificate2 GetCertificate()
{


X509Store st = new X509Store(StoreName.My, StoreLocation.LocalMachine);
st.Open(OpenFlags.ReadOnly);
X509Certificate2Collection col = st.Certificates;
X509Certificate2 card = null;
X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, "Certificates", "Select one to sign", X509SelectionFlag.SingleSelection);
if (sel.Count > 0)
{
X509Certificate2Enumerator en = sel.GetEnumerator();
en.MoveNext();
card = en.Current;
}
st.Close();
return card;
}


This code works fine in the case of console applications... But what I need is to use it inside a .NET Web Application, what means that this code should ask for the digital certificate of the client, and after some googling, I got the conclusion that this library doesn´t apply to such scenario (client server architecture)...

If I execute this code I get a exception thrown by the method X509Certificate2UI.SelectFromCollection. (session is not interactive)

So, I found this similar web site (the one from the link above) which ask for a digital certificate, exactly the way I wan't (it seems to look at the certificate store of Windows)... Then I thought maybe someone knows the technology applyed there...

Any other clues? (other than CAPICOM + javascript)?

Thanx so much! :)

Hi,

I can't understand the site but I think I get what your looking for. I don't know of out of the box solution but then I've not googled it. I asume your planning to build it yourself then?

Not sure what type of device your cipher toekn is but bellow is a link to integrating a smart card to your program.

http://www.codeproject.com/KB/smart/smartcardapi.aspx

I guess they encrypt a file on your device when you register, then decrypt and read that file to validate you when you click the image.

regards

Ribs

Hi,

Have a look over this article http://securitythroughabsurdity.com/2007/04/implementing-smart-card-authentication.html its Implementing Smart Card Authentication with ASP.NET - Introduction, maybe be closer to what your needing. I think the above would be for a win forms app.

regards


Ribs

That's what I'm talking about, Ribeyed, thanks very much!

Did a first successful test, now i'll look for crl/ocsp...

thanx again



Hi,

Have a look over this article http://securitythroughabsurdity.com/2007/04/implementing-smart-card-authentication.html its Implementing Smart Card Authentication with ASP.NET - Introduction, maybe be closer to what your needing. I think the above would be for a win forms app.

regards


Ribs

Hi,

no worries here is a solution for c#.net using ocsp verification:

http://bouncy-castle.1462172.n4.nabble.com/c-ocsp-verification-td3160243.html

give that try :)

P.s

Since posting I had a look at that forum its very interesting for this sort of thing. Maybe a look through there you will find all you answers.

http://bouncy-castle.1462172.n4.nabble.com/

regards

Ribs

Thanks again Ribeyed! I'll try the code then I post a feedback here... (and probably more questions... :D )


Hi,

no worries here is a solution for c#.net using ocsp verification:

http://bouncy-castle.1462172.n4.nabble.com/c-ocsp-verification-td3160243.html

give that try :)

P.s

Since posting I had a look at that forum its very interesting for this sort of thing. Maybe a look through there you will find all you answers.

http://bouncy-castle.1462172.n4.nabble.com/

regards

Ribs