Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

HTTPS and ActiveX

7 views
Skip to first unread message

sven

unread,
Sep 12, 2009, 1:03:31 PM9/12/09
to
Hello!

I have a little puzzle with HTTPS and ActiveX. Is there a way to find
out from the ActiveX which certificate was used for authentication?

I have an application that can be used in two set-ups. First set-up is
an .exe version where I let client to pick a certificate and use
InternetSetOption to set INTERNET_OPTION_CLIENT_CERT_CONTEXT before
making connection to web-server. I also save the certificate for
further reference 'cause it's needed for more than just HTTPS
authentication.

Second setup is the same application in ActiveX form. The problem is
that web-server strongly requires authentication (this cannot be
changed) and certificate is selected and client authenticated _before_
my component is executed in the browser's context. Now I really need
to know which of possibly many client certificates from personal store
was used to authenticate this concrete session. InternetGetOption does
not work for INTERNET_OPTION_CLIENT_CERT_CONTEXT.

I might modify server to send the certificate back to ActiveX, but I'm
not satisfied with this solution. Does anyone have a better idea? Am I
missing something of importance here?

0 new messages