Where is your list of users? You could hash a test value and then store that in your table of user's and then when authenticating hash the value again and use that value to look up a valid user. But that leaves the test value which if compromised might make it easier to spoof a certificate. You could hash something particular to the user, like their name.
Cleve Littlefield -----Original Message----- From: Moderated discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Paul Gale Sent: Tuesday, February 24, 2004 11:46 AM To: [EMAIL PROTECTED] Subject: [ADVANCED-DOTNET] Authenticating a user by their certificate Hi, [I posted this to the DOTNET-CLR list a few days ago and received no replies] Does anyone know how to authenticate a user using just a certificate in a Winform based application? I know that ASP.NET suports certificate based authentication but I believe that IIS is performing the mapping between certs and users ids. What I am trying to do here is see how I can allow a user to logon to my winform app by pointing (as it were) at a cert instead of entering a user id and password. I have my reasons why. I know how to encrypt and sign using a cert just not authenticate. Any suggestions? Paul =================================== This list is hosted by DevelopMentor(r) http://www.develop.com Some .NET courses you may be interested in: NEW! Guerrilla ASP.NET, 17 May 2004, in Los Angeles http://www.develop.com/courses/gaspdotnetls View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentor� http://www.develop.com Some .NET courses you may be interested in: NEW! Guerrilla ASP.NET, 17 May 2004, in Los Angeles http://www.develop.com/courses/gaspdotnetls View archives and manage your subscription(s) at http://discuss.develop.com
