Digital Certificate Login

#native_company# #native_desc#

#native_cta#

This site is best viewed in a modern browser with JavaScript enabled.

gustavoaspnet

Hi everyone!

I need to discover the technology that was used in the web site below to implement the digital certificate login:

https://www.fazenda.sp.gov.br/DEC/UCLogin/login.aspx

(on the site, click the digital certificate image then the site authenticates you using your plugged in smart card or cipher token)

I presume it is not CAPICOM, since I don't have it installed and I were able to try the login...

Could anyone, please give me a clue? Basically, it is web application that access the digital certificate store... Anyone knows how to do it?

Thanxs in advance!
:o

Ribeyed

Hi,

I can't understand the site but I think I get what your looking for. I don't know of out of the box solution but then I've not googled it. I asume your planning to build it yourself then?

Not sure what type of device your cipher toekn is but bellow is a link to integrating a smart card to your program.

http://www.codeproject.com/KB/smart/smartcardapi.aspx

I guess they encrypt a file on your device when you register, then decrypt and read that file to validate you when you click the image.

regards

Ribs

gustavoaspnet

Thanks for the answer Ribeyed!

Since you pointed this API, I've read about it and i think it seems to work for a lower level solution... Maybe there is a solution that uses this API to deliver more abstract functions, the ones that I need... (sorry for the bad english )

Let me explain better..

I'm using this code inside a console application to read my digital certificate (smart card)

public static X509Certificate2 GetCertificate()
{

        X509Store st = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        st.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection col = st.Certificates;
        X509Certificate2 card = null;
        X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, "Certificates", "Select one to sign", X509SelectionFlag.SingleSelection);
        if (sel.Count > 0)
        {
            X509Certificate2Enumerator en = sel.GetEnumerator();
            en.MoveNext();
            card = en.Current;
        }
        st.Close();
        return card;
    }

This code works fine in the case of console applications... But what I need is to use it inside a .NET Web Application, what means that this code should ask for the digital certificate of the client, and after some googling, I got the conclusion that this library doesn´t apply to such scenario (client server architecture)...

If I execute this code I get a exception thrown by the method X509Certificate2UI.SelectFromCollection. (session is not interactive)

So, I found this similar web site (the one from the link above) which ask for a digital certificate, exactly the way I wan't (it seems to look at the certificate store of Windows)... Then I thought maybe someone knows the technology applyed there...

Any other clues? (other than CAPICOM + javascript)?

Thanx so much!

Ribeyed;1161765 wrote:
Hi,

I can't understand the site but I think I get what your looking for. I don't know of out of the box solution but then I've not googled it. I asume your planning to build it yourself then?

Not sure what type of device your cipher toekn is but bellow is a link to integrating a smart card to your program.

http://www.codeproject.com/KB/smart/smartcardapi.aspx

I guess they encrypt a file on your device when you register, then decrypt and read that file to validate you when you click the image.

regards

Ribs

Ribeyed

Hi,

Have a look over this article http://securitythroughabsurdity.com/2007/04/implementing-smart-card-authentication.html its Implementing Smart Card Authentication with ASP.NET - Introduction, maybe be closer to what your needing. I think the above would be for a win forms app.

regards

Ribs

gustavoaspnet

That's what I'm talking about, Ribeyed, thanks very much!

Did a first successful test, now i'll look for crl/ocsp...

thanx again

Ribeyed;1162003 wrote:
Hi,

Have a look over this article http://securitythroughabsurdity.com/2007/04/implementing-smart-card-authentication.html its Implementing Smart Card Authentication with ASP.NET - Introduction, maybe be closer to what your needing. I think the above would be for a win forms app.

regards

Ribs

Ribeyed

Hi,

no worries here is a solution for c#.net using ocsp verification:

http://bouncy-castle.1462172.n4.nabble.com/c-ocsp-verification-td3160243.html

give that try

P.s

Since posting I had a look at that forum its very interesting for this sort of thing. Maybe a look through there you will find all you answers.

http://bouncy-castle.1462172.n4.nabble.com/

regards

Ribs

gustavoaspnet

Thanks again Ribeyed! I'll try the code then I post a feedback here... (and probably more questions... )

Ribeyed;1162164 wrote:
Hi,

no worries here is a solution for c#.net using ocsp verification:

http://bouncy-castle.1462172.n4.nabble.com/c-ocsp-verification-td3160243.html

give that try

P.s

Since posting I had a look at that forum its very interesting for this sort of thing. Maybe a look through there you will find all you answers.

http://bouncy-castle.1462172.n4.nabble.com/

regards

Ribs

Homero

Olá Gustavo

Você consegui implementar essa solução para login a partir de um certificado digital, como na página da Fazenda? Em caso positivo, poderia me enviar um exemplo, ou uma sugestão de modelo?

Qualquer ajuda é bem-vinda.:-)

Um abraço.

Homero

Hello Gustavo

You could implement this solution to login from a digital certificate, such as the page's Fazenda? If so, could you send me an example or a hint?

Any help is welcome. :-)

Tanks.

Homero

lokeshssnghl

Hello sir

I a facing same problem as you.

Please can you share me your code to resolve this problem if you can???

i required it very urgently.

Please reply me on lokesh.snghl@gmail.com as well as here.

I will be very thankful your

gustavoaspnet;1161922 wrote:
Thanks for the answer Ribeyed!

Since you pointed this API, I've read about it and i think it seems to work for a lower level solution... Maybe there is a solution that uses this API to deliver more abstract functions, the ones that I need... (sorry for the bad english )

Let me explain better..

I'm using this code inside a console application to read my digital certificate (smart card)

public static X509Certificate2 GetCertificate()
{
        X509Store st = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        st.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection col = st.Certificates;
        X509Certificate2 card = null;
        X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, "Certificates", "Select one to sign", X509SelectionFlag.SingleSelection);
        if (sel.Count > 0)
        {
            X509Certificate2Enumerator en = sel.GetEnumerator();
            en.MoveNext();
            card = en.Current;
        }
        st.Close();
        return card;
    }
This code works fine in the case of console applications... But what I need is to use it inside a .NET Web Application, what means that this code should ask for the digital certificate of the client, and after some googling, I got the conclusion that this library doesn´t apply to such scenario (client server architecture)...

If I execute this code I get a exception thrown by the method X509Certificate2UI.SelectFromCollection. (session is not interactive)

So, I found this similar web site (the one from the link above) which ask for a digital certificate, exactly the way I wan't (it seems to look at the certificate store of Windows)... Then I thought maybe someone knows the technology applyed there...

Any other clues? (other than CAPICOM + javascript)?

Thanx so much!