kuujinbo/StackOverflow.iTextSharp.MVC.PdfSigner
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Web context client-side digital signing.
Implementation specific, and *REQUIRES** the following:
-- Internet Explorer web browser (tested IE >= version 10)
-- CAPICOM is installed on client machines. CAPICOM support was
officially abandoned with the release of Windows 7, but
is still available in many standard corporate desktop builds.
Background reference here:
http://stackoverflow.com/questions/28949243
===========================================================================
To enable client certificates in IIS Express for Visual Studio 2012/2013 open:
%USERPROFILE%\Documents\IISExpress\config\applicationhost.config
Visual Studio 2015 made breaking changes to the project config file, now in the project subdirectory:
./.vs/config/applicationhost.config
Comment-out default settings and make following changes:
1. add binding protocol for site ID:
<binding protocol="https" bindingInformation="*:44301:localhost" />
2. edit iisClientCertificateMappingAuthentication node:
<iisClientCertificateMappingAuthentication enabled="true">
<!--<iisClientCertificateMappingAuthentication enabled="false">-->
3. edit sslFlags node:
<access sslFlags="SslNegotiateCert" />
<!--<access sslFlags="None" />-->
More info:
* http://www.jasonrshaver.com/post/wp7%20client%20certificates%20part%202%20%28client%20certs%20on%20the%20browser%29
* http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx
* http://forums.iis.net/t/1210695.aspx?Visual+Studio+2012+Update+4+broke+IIS+Express+ability+to+require+client+certs+for+SSL
===========================================================================
Make a localhost SSL certificate to get rid of 'untrusted site' warning.
Path to 'makecert.exe' may be different on your system.
1. Open command prompt as __administrator__ and run following commands:
a. "C:\Program Files (x86)\Windows Kits\8.1\bin\x64\makecert" -n "CN=localhost" -r -sv localhostCA.pvk localhostCA.cer
b. "C:\Program Files (x86)\Windows Kits\8.1\bin\x64\makecert" -pe -ss My -sr CurrentUser -a sha1 -sky exchange -n CN=localhost -sk SignedByLocalHostCA -ic localhostCA.cer -iv localhostCA.pvk
2. Run command:start LocalhostCA.cer
a. Click 'Install Certificate'
b. Select 'Place all certificates in the following store', then 'Browse…'
c. Select 'Show physical stores' checkbox.
d. Select 'Trusted Root Certification Authorities => 'Local Computer'.
===========================================================================
if applicationhost.config gets hosed, with administrator account:
-- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
-- New => DWORD Value
-- Registry key name => 'SendTrustedIssuerList'
-- Value => 0
e.g. side-by-side vs2012/2013 install; uninstalled 2012, which broke
client certificate prompt.About
Web context client-side PDF digital signatures using a CAC
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published