Compared with basic authentication (Basic), the domain server's digest authentication, integrated Windows authentication, or custom Forms authentication, client digital certificates are slightly more complex to deploy and manage, but they are more secure and, in some respects, more flexible in application.
It is very easy to process and identify client digital certificates in ASP and ASP.NET. The code is as follows:
ASP (VBScript) syntax:
Dim subject
subject=Request.ServerVariables("CERT_SUBJECT")
or
subject=Request.ClientCertificate("Subject") ' Applies to certificates whose Subject contains no Chinese characters
ASP.NET (C#) Syntax:
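string subject = null;
// Request.ClientCertificate exposes the certificate presented by the client
HttpClientCertificate hcc = Request.ClientCertificate;
// Read the subject only when the certificate is valid
if (hcc.IsValid) subject = hcc.Subject;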
The subject string obtained this way is a comma-separated list of subfields, for example C=CN,O=BOC,CN=moslem. Split the string into its subfields and take the last CN value (there may be more than one CN). This value is the user's Common Name, usually the user name or ID.
After getting the CN from the digital certificate, you can perform further processing, such as authorizing the user. I think a more effective approach is to enable digital certificates and Forms authentication at the same time on the client. Multi-factor authentication can be achieved by comparing the CN with the user name entered in the form to see whether they match.
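The subject parsing and the CN-to-form comparison described above, as an added C# example that is not code from the original article. The class and method names are hypothetical, and it assumes that a comma inside a value is backslash-escaped or double-quoted and that user names compare case-insensitively.

```csharp
using System;
using System.Text;

static class CertSubject   // hypothetical helper, not part of ASP.NET
{
    // Returns the last CN value of a subject such as "C=CN,O=BOC,CN=moslem",
    // or null when there is none. Assumption: a comma inside a value is
    // backslash-escaped or enclosed in double quotes.
    public static string LastCommonName(string subject)
    {
        subject = subject ?? "";
        string cn = null;
        var cur = new StringBuilder();
        bool quoted = false;
        for (int i = 0; i <= subject.Length; i++)
        {
            bool end = i == subject.Length;
            char c = end ? ',' : subject[i];
            if (!end && c == '\\' && i + 1 < subject.Length) { cur.Append(subject[++i]); continue; }
            if (!end && c == '"') { quoted = !quoted; continue; }
            if (!end && (c != ',' || quoted)) { cur.Append(c); continue; }
            string field = cur.ToString();   // field boundary: "KEY=value"
            int eq = field.IndexOf('=');
            if (eq > 0 && field.Substring(0, eq).Trim().Equals("CN", StringComparison.OrdinalIgnoreCase))
                cn = field.Substring(eq + 1).Trim();   // a later CN overrides an earlier one
            cur.Clear();
        }
        return cn;
    }

    // True only when the CN equals the user name typed into the form.
    // Assumption: user names are compared case-insensitively.
    public static bool MatchesFormUser(string subject, string formUser)
    {
        string cn = LastCommonName(subject);
        return !string.IsNullOrEmpty(cn) &&
               string.Equals(cn, (formUser ?? "").Trim(), StringComparison.OrdinalIgnoreCase);
    }

    static void Main()   // constructed sample subjects, not real certificates
    {
        Console.WriteLine(LastCommonName("C=CN,O=BOC,CN=moslem"));
        Console.WriteLine(LastCommonName("C=CN, O=\"BOC, Head Office\", CN=Zhang\\, Wei"));
        Console.WriteLine(MatchesFormUser("C=CN,O=BOC,CN=moslem", "Moslem"));
        Console.WriteLine(MatchesFormUser("C=CN,O=BOC", "moslem"));
    }
}
```

A plain split on commas would cut the second sample's CN at the escaped comma, which is why the scan tracks quoting and escapes before looking for field boundaries.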
Relatively speaking, ASP.NET provides a dedicated HttpClientCertificate class for handling client digital certificates, so working with them in code is more convenient.