I'm developing a new website (ASP.Net, VB codebehind pages, .Net 3.5) to replace a "Classic ASP" site.
Some of the pages are 'public' and the rest require authentication – in this case it's done by reading DoD-issued CAC cards through the keyboard.
Now, for 'production', they configure IIS so that it does the authentication challenge (reading the card and requesting a PIN) when it hits a certain directory (/secure in this case) so that all pages in that tree are secured.
I'm coming ot the point where I need to see some of the information fomr the card – but when I "F5" the website I'm developing, all the Request.Clientcertificate stuff is empty – there's no 'challenge' happening with the Cassini ASP.Net development server.
I see references to "configure IIS to put SSL on the target directory" – but I'm not running IIS on this development PC (nor is the other developer who's going to run into this shortly). The network support people will be doing this when the site is eventually copied into production but I need to test certain security features now.
How can I configure the server that came with VS2008 to read the CAC card and 'load up' the server/session variables that I need to query? Alternatively, is there anything I can put into the .aspx or .aspx.vb pages themselves that can simulate or trigger the security challenge?
Thanks in advance.
Best Answer
Short answer. Cassini doesn't support that kind of security.