Smart Card Authentication with ASP.NET

Question

What are the steps required to get smart-cards authentication working in ASP.net?

• Smart-card reader is installed and works properly on the client's machine
• user navigates to Login.aspx page and is prompted to swipe his access card
• how do i authenticate the user

thanks.

Answer 1

The only way that I know to access a hardware device on a client machine through ASP.Net is by writing an ActiveX control. Doing this will render the site useless to anyone not running Internet Explorer. Based on my experience, you can say that IE is your standard, but there will be people attempting to use other browsers. And that's fine as long as you have the support of your App Admin team to say, "Sorry, use IE or don't use it at all".

Answer 2

Assuming you already know how to access the Smart Card reader's API, and you can successfully read and decode that data, your next step is Authenticating that data.

Again, you haven't given me any information here, so I'll assume that you have a database, against which you will need to validate the data you got from the smart card.

If the above returns true then it's simply a case of calling FormsAuthentication.RedirectFromLoginPage, or if you want a more granular control of the Authentication Cookie, then you can create your own FormsAuthenticationTicket