I am trying to digitally sign information with a private key. I know how to do this on in a desktop client application with .Net, but am not sure how to do it in ASP.Net. It would be used on an intranet using IE8. If it is done via ASP.Net, I am guessing that the private key is not sent to the server when the user types in their certificate passowrd when going to the site (https, 2-way SSL), but am not sure. If there is no way to access the client private key on the server, then how can I sign something in the browser? Can I use javascript?
Edit: I guess what would be helpful to know first is if this can be done on the server or does it have to be done on the client?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
The private key of the client-cert is NOT transmitted to the server.
IF you really want/need to sign something with client-cert THEN you need a client-side component… AFAIK this is not possible with javascript… there are solutions out there using Flash, Silverlight, Java Applets as part of the ASP.NET page for doing what you ask…
Making it possible to do this purely on the server-side is a sure sign for broken security (regarding the client-cert) IMHO.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0