Question asp.net integration
Tylka
I'm trying to integrate the beid-applet in my asp.net application.
(Visual Studio 2008, Vista Business, IE7)
I have followed these steps (as mentionned in the readme):
* Compiled the AppletService.dll with VS2008.
* Created a https website, with a ssl certifcate. And included the dll
in the bin.
* Metionned the tags in the httphandlers
* Add the snippet in session start of global.asax, concerning the
HttpOnly.
* Added following code in the default.aspx
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles Button1.Click
Dim objService As New AppletService
objService.ProcessRequest(HttpContext.Current)
Response.Write("Name: " & Session("Identity.Name"))
End Sub
Without any result... What is my fault?
Kind Regards,
Cornelis Frank
Do you have an ASP.NET page that first loads the eID Applet?
Without the eID Applet ever running, you cannot have the "Identity.Name" session attributes available in your ASP.NET server.
Check out page 5 of the eID Applet Developer's Guide at:
http://eid-applet.googlecode.com/files/eid-applet-dev-guide-1.0.0-beta-4.pdf
Check out the eID Applet Beta Site to see the eID Applet in action:
https://www.e-contract.be/eid-applet-beta/
Kind Regards,
Frank.
________________________________________
Van: Tylka [t...@swylix.be]
Verzonden: donderdag 12 november 2009 15:35
Aan: eID Applet
Onderwerp: [eid-applet] Question asp.net integration
You received this message because you are subscribed to the Google Groups "eID Applet" group.
To post to this group, send email to eid-a...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/eid-applet?hl=.
Tanguy Ingels
Thx, for quick response.
First time I work with a java-servlet...
So, I copied the WEB-INF and META-INF from the demo to my app.
I added following script, in my first page:
<script type="text/javascript"
src="https://www.java.com/js/deployJava.js"></script>
<script type="text/javascript" id="eidauth" >
var attributes = {
code :'be.fedict.eid.applet.Applet.class',
archive :'eid-applet-package-1.0.0-beta-4.jar',
width :600,
height :300
};
var parameters = {
TargetPage :'authn-result.aspx',
AppletService :'applet-service',
BackgroundColor :'#ffffff',
Language : 'en'
};
var version = '1.5';
deployJava.runApplet(attributes, parameters, version); </script>
=> The I receive a message "Idenitification required. Please select
certificate to be used for authentication". But I have no certificate to
select.
=> so I get an error:
eID Applet - Copyright (C) 2008-2009 FedICT.
Released under GNU LGPL version 3.0 license.
More info: http://code.google.com/p/eid-applet/
checking applet privileges...
security manager permission check for java 1.6...
checking web application trust...
running privileged code...
eID browser applet version: 1.0.0-beta-4 Java version: 1.6.0_16 Java vendor:
Sun Microsystems Inc.
OS: Windows Vista
OS version: 6.0
OS arch: x86
Web application URL: https://localhost/
Current time: Fri Nov 13 11:39:36 CET 2009 sending message: HelloMessage
current protocol state: null protocol state transition: INIT SSL handshake
finish cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA SSL handshake finish
cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA HTTP response code: 405 SSL
session Id mismatch
error: error sending message to service. HTTP status code: 405 error type:
java.io.IOException at be.fedict.eid.applet.Controller.sendMessage:185
at be.fedict.eid.applet.Controller.run:222
at be.fedict.eid.applet.Applet$AppletThread$1.run:483
at java.security.AccessController.doPrivileged:-2
at be.fedict.eid.applet.Applet$AppletThread.run:478
at java.lang.Thread.run:-1
Algemene fout.
Could you correct me please?
(I have tried to include my test app in a zip, but is refused)
Kind Regards,
Tylka
PS: the provided demo on the download section, it works fine on my local
machine.
Frank Cornelis
Your first Java EE web application? Good luck! :)
"HTTP status code: 405"
This means that the eID Applet Service is not available. Make sure that the eID Applet Service servlet is properly configured in your web.xml web deployment descriptor. Also make sure that the required JARs are available under the WEB-INF/lib directory.
You can always browse to the eID Applet Service yourself using your web browser for testing its availability. For example, in your case visiting
https://localhost/applet-service
should give you the following page:
eID Applet Service
The eID Applet Service should not be accessed directly.
Kind Regards,
Frank.
Tanguy Ingels
Hi Frank (Again),
I hope I’m not bothering you too much J... But I’m trying to figuring out where I have to place which files.
So to be clear, the configurations I have done in my ASP.NET application:
· Created a “WEB-INF\Lib” directory, with all the jar files found in the sdk
· Created a “web.xml” with following content:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<servlet>
<servlet-name>AppletServiceServlet</servlet-name>
<servlet-class>be.fedict.eid.applet.service.AppletServiceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AppletServiceServlet</servlet-name>
<url-pattern>/applet-service</url-pattern>
</servlet-mapping>
· </web-app>
· In my web.config added following in the httphandlers
o <add path="/applet-service" verb="*" type="Be.FedICT.EID.Applet.Service.AppletService, AppletService" validate="true" />
· I created also a “applet-service” directory, where I have placed an aspx page, with the script as I mentioned before. Then I get this message:
load: class be.fedict.eid.applet.Applet.class not found.
java.lang.ClassNotFoundException: be.fedict.eid.applet.Applet.class
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.ClassNotFoundException: be.fedict.eid.applet.Applet.class
When I place the jar files in the root directory of the web application, and call the script as mentioned before I get the “Http status code 405”
I’m a mixing up, different things?
Do I have to create also a “WEB-INF\Classes” directory? (which structure, files?)
If you have a test application in ASP.NET, I would be very interested J.
Kind Regards,
Tylka
PS: Thank you for your time!!!
Frank Cornelis
You're indeed mixing up things. First of all the eID Applet JAR (eid-applet-package-xyz.jar) should be available to your web application like any other resource (image, video, ...). So if your eID Applet web page contains something like:
<script src="https://www.java.com/js/deployJava.js"></script> <script> var attributes = { code :'be.fedict.eid.applet.Applet.class', archive :'eid-applet.jar', width :600, height :300 }; var parameters = { TargetPage :'your-result-page.jsp/aspx/php', AppletService :'applet-service', BackgroundColor :'#ffffff', Language : 'en' }; var version = '1.6'; deployJava.runApplet(attributes, parameters, version); </script>
then you should have the eID Applet JAR renamed to eid-applet.jar and have it in the same directory as the web page so that the web browser can load the eID Applet (just like it would load an image, video that your refer to from your web pages).
Second you need to configure the eID Applet Service (this is a server-side component) so that it's available (for the above example) from "https://.../applet-service" as the eID Applet requires the eID Applet Service to communicate the identity data from the web browser back to the web application running at your server.
The exact eID Applet Service configuration depends on the web framework (Java EE, ASP.NET, PHP, Ruby on Rails, ...) that you're using. And here you're mixing up Java EE web application configuration with ASP.NET web application configuration. The WEB-INF\lib and web.xml stuff is Java EE. The web.config and bin\ with the compiled DLL stuff is ASP.NET. Pick one only please. :)
Kind Regards,
Frank.
Tanguy Ingels
Hi Frank,
It WORKS!!! (what did you expected J)
ð The thing is that when you use IIS7, you must also add an handler to <system.webhandler> in the web.config.
So, like said in your manual, very easy integration!!! You have my complements, and keep up the good work!!!
Still, I have one question
· In both cases (identification, authentication), I get the question “Identification required. Please select certificate to be used for authentication”. (Empty window, no certificates to select)
o Is this maybe I’m testing on my local machine? (=> no client and server certificate)
Kind Regards,
Tylka
From:
Frank Cornelis [mailto:in...@frankcornelis.be]
Sent: zondag 15 november 2009 7:09
To: eid-a...@googlegroups.com
Subject: Re: [eid-applet] Question asp.net integration
Hi Tylka,
<add path="/applet-service" verb="*" type="Be.FedICT.EID.Applet.Service.AppletService, AppletService" validate="true" />
Frank Cornelis
You probably need to reconfigure the IIS SSL settings. This can be done via the IIS Manager, then click Sites, Default Web Site, IIS Settings, and make sure that no client certificate is required.
Also don't forget the HttpOnly work-around.
Kind Regards,
Frank.
Tanguy Ingels
Indeed. When I put it to “Ignore” the message disappear. (Accept or required, pop ups the window)
Thx, again for the quick en good support!
From: Frank
Cornelis [mailto:in...@frankcornelis.be]
Sent: zondag 15 november 2009 17:48
To: eid-a...@googlegroups.com
Subject: Re: [eid-applet] Question asp.net integration
Hi Tylka,
You probably need to reconfigure the IIS SSL settings. This can be done via the
IIS Manager, then click Sites, Default Web Site, IIS Settings, and make sure
that no client certificate is required.
Also don't forget the HttpOnly work-around.
Kind Regards,
Frank.
On 11/15/2009 02:23 PM, Tanguy Ingels wrote:
Hi Frank,
It WORKS!!! (what did you expected J)
The thing is that when you use IIS7, you must also add an handler to <system.webhandler> in the web.config.
So, like said in your manual, very easy integration!!! You have my complements, and keep up the good work!!!
Still, I have one question
In both cases (identification, authentication), I get the question “Identification required. Please select certificate to be used for authentication”. (Empty window, no certificates to select)
Is this maybe I’m testing on my local machine? (=> no client and server certificate)
Kevin Devos
I'm trying to integrate the eID applet in a ASP.NET with C# website as
well. I've read through this topic and noticed people referencing to a
readme/manual. I've downloaded all possible files and I can't seem to
find any info on .NET.
Am I overlooking something here or is the manual somewhere available
online ?
I would like to use the applet so people can identify themselves +
have forms on my webpage automatically filled in with the info from
the card (name, address, ...).
Thanks in advance !
Regards,
Kevin
Frank Cornelis
The ASP.NET eID Applet Service component is not (yet) part of the eID
Applet SDK as we favor more secure web frameworks like the ones provided
by the Java EE application stack.
The ASP.NET eID Applet Service component can be found in the subversion
source code repository at:
http://code.google.com/p/eid-applet/source/browse/#svn/trunk/eid-applet-aspx
There you'll also find a README.txt describing the required
configuration to integrate the eID Applet in your ASP.NET web application.
Kind Regards,
Frank.
Tanguy Ingels
The manual I used, is the eid-applet-dev-guide.pdf and the readme.txt saved
at the "eid-applet-aspx" directory when you download the source from svn.
Kind Regards,
Tylka
johanw
I set up an asp environment with an identify.aspx page and identity-
result.aspx page as in the .jsp example
the applet works fine,
the httpHandlers are doing their thing,
the Applet-Service is working and the
Identity-result.aspx is called
but
apparently the SessionId is different in the Applet-Service as in the
identify.aspx page and the identity-result page (last two have the
same SessionId) so there are no variables available in the Session of
the identity-result page....
how to solve?
thanks in advance,
Johan Willems
fcorneli
The IIS web server sets the HttpOnly flag on the session cookie.
Because of this, the Java browser plugin cannot get access to the
session cookie. This makes the eID Applet to start talking to the eID
Applet Service using a new web server session. For a work-around,
check out: http://groups.google.com/group/eid-applet/browse_thread/thread/fa558a5ce1831a2b
Kind Regards,
Frank.
johanw
Thanks for your quick reply.
For security reasons this would be possible only for intranet
applications but not for internet applications.
On the contrary unfortunately it doesn't work when for example cookies
are disabled on the client browser and even worse it doesn't work with
the default settings of IE8... so looking for another solution which
is more independant of the browser settings.
kind regards,
Johan.
Tijl
Maybe you could save the identification info you get from the
httpHandler and store it in an application variable, together with
some info from the client request (IP-address, time of request, ...).
When you get a request from that same IP-address on the result page
then you can remove the identification data from the application
variable and save it to the session.
Kind regards,
Tijl
Frank Cornelis
Such a solution would be like an open invitation for session hijacking.
What you need is a secure channel binding like offered by the
authentication functionality of the eID Applet.
Kind Regards,
Frank.
>
> You received this message because you are subscribed to the Google Groups "eID Applet" group.
> To post to this group, send email to eid-a...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/eid-applet?hl=en.
>
>
>
>
Frank Cornelis
Disabling the HttpOnly feature on the session cookie does not
necessarily imply that your web application becomes insecure. The usage
of a mature web framework that inherently protects against XSS attacks
will provide you with a higher level of protection than the HttpOnly
flag of the session cookie can ever offer. Hence the reason why I prefer
Java EE web frameworks like JSF/JBoss Seam. Almost no Java EE web
application has the HttpOnly flag enabled on their session cookies, and
this while it is well known that Java EE web applications are far more
secure than ASP or PHP based web applications.
If cookies are disabled these days, almost every web application will
refuse to work properly as (session) cookies are used to keep track of
the state of the user within the web application session.
I've tested the eID Applet Beta Site under Windows Vista SP2 and IE8, no
problem found.
Kind Regards,
Frank.
>
> You received this message because you are subscribed to the Google Groups "eID Applet" group.
> To post to this group, send email to eid-a...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/eid-applet?hl=en.
>
>
>
>
johanw
Another question concerning the eid applet service: this is working
fine except that I don't seem to find the Country field for the
address or is the address always located in Belgium?
thanks in advance,
Johan
Cornelis Frank
This is simply because the eID card has no Country field at all. There is only the nationality as part of the identity file.
Kind Regards,
Frank.
________________________________________
Van: eid-a...@googlegroups.com [eid-a...@googlegroups.com] namens johanw [will...@gmail.com]
Verzonden: vrijdag 11 december 2009 16:43
Aan: eID Applet
Onderwerp: [eid-applet] Re: Question asp.net integration