clientHow To: Set Up Client Certificates
J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy
Microsoft Corporation

November 2002

Microsoft® ASP.NET
Microsoft Visual Studio® .NET

See the Landing Page for a starting point and complete overview of Building Secure ASP.NET Applications.

Summary: IIS supports client certificate authentication. This How To shows you how to configure a Web application to require client certificates. It also shows you how to install a certificate on a client computer and use it when calling the Web application. (5 printed pages)

Contents
Requirements
Summary
Additional Resources

Web services often need to be able to authenticate their callers (other applications) in order to perform authorization. Client certificates provide an excellent authentication mechanism for Web services. When you use client certificates, your application also benefits from the creation of a secure channel (using Secure Sockets Layer [SSL]) between the client application and Web service. This allows you to securely send confidential information to and from the Web service. SSL ensures message integrity and confidentiality.

This How To includes step-by-step instructions to call a Web service that is configured to require client certificates.

Note The information in this How To also applies to remote components hosted by IIS.

Requirements
The following items describe the recommended hardware, software, network infrastructure, skills and knowledge, and service packs you will need.

· Microsoft® Windows® 2000 Server operating system with Service Pack 2

· Microsoft Visual Studio® .NET development system

· Access to a Certificate Authority (CA) to generate new certificates

· A Web server with an installed server certificate

For more information about installing Web server certificates, see How To: Set Up SSL on a Web Server in the Reference section of this guide.

The procedures in this How To also require that you have knowledge of ASP.NET Web development with the Microsoft Visual C#™ development tool.

Summary
This How To includes the following procedures:

1. Create a Simple Web Application

2. Configure the Web Application to Require Client Certificates

3. Request and Install a Client Certificate

4. Verify Client Certificate Operation

1. Create a Simple Web Application
To create a simple Web application

1. Start Visual Studio .NET and create a new C# ASP.NET Web application called SecureApp.

2. Drag a label control from the toolbox onto the WebForm1.aspx Web form, and then set its ID property to message.

3. Drag a second label onto WebForm1.aspx and set its ID property to certData.

4. Add the following code to the Page_Load event procedure.

5. string username;
6. username = User.Identity.Name;
7. message.Text = "Welcome " + username;
8. HttpClientCertificate cert = Request.ClientCertificate;
9. if (cert.IsPresent)
10. {
11. certData.Text = "Client certificate retrieved";
12. }
13. else
14. {
15. certData.Text = "No client certificate";
16. }
17. On the Build menu, click Build Solution.

18. Start Internet Explorer and navigate to http://localhost/SecureApp/WebForm1.aspx.

The page should be displayed with the messages "Welcome" (no user name is displayed because the user has not been authenticated) and "No client certificate."

19. Close Internet Explorer.

2. Configure the Web Application to Require Client Certificates
This procedure uses Internet Information Services (IIS) to configure your Web application's virtual directory to require certificates.

This procedure assumes that you have a valid certificate installed on your Web server. For more information about installing Web server certificates, see How To: Set Up SSL on a Web Server.

To configure your Web appl