I have a client that wants to implement CAC with our website. Usually the user already has access based on the certificates assigned to them.
They want to be validated by entering their CAC pin code when they click a button to log in.
I'm using ActivClient to manage the CAC but I don't know how to have the website communicate with the card reader to have the user input the pin code and validate it.
Is this done through IIS settings or do I have to update my code to somehow communicate with the middleware?
Thanks in advance
The solution we used involved a few configuration changes to IIS as well as some code changes to use the information provided by the CAC.
In IIS (8.0), we just set the Authentication to Anonymous Authentication. In SSL Settings, we checked Require SSL and under Client Certificates, select the Require option.
After you've authenticated, depending on what information you need access to from the certificate, you can access it using this method:
X509Certificate2 certificate = new X509Certificate2(Request.ClientCertificate.Certificate);
This will give you the certificate object that contains the information that the CAC carries. You can access some of these properties by using
certificate.GetNameInfo(X509NameType.SimpleName); //X509NameType.EmailName, etc