Iis 10 is not allowing user interface (requesting certificate)

Question

1.00/5 (1 vote)

See more:

Using visual studio 2022 and IIS Express to write and modify a lot of code that requests a user to select a certificate. Using IIS Express works perfectly but when I run the site from within IIS manager the website does not prompt for the certificate. I currently have forms and Anonymous authentication enabled. I can turn on "Require SSL" in the SSL settings but this has nothing to do with my code and will not populate the box on the web form that will hold the selected certificate.

Any ideas on getting this to work with the Local IIS?

code that prompts for the certificate:

C#

public static X509Certificate2 GetClientCertificate()
        {
            IntPtr ptr = IntPtr.Zero;
            X509Certificate2 certificate = null;

            var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                if (store.Certificates != null && store.Certificates.Count > 0)
                {
                    if (store.Certificates.Count == 1)
                    {

                        certificate = store.Certificates[0];

                    }
                    else
                    {

                        var certificates = X509Certificate2UI.SelectFromCollection(store.Certificates, "Digital Certificates", "Select a certificate from the following list:", X509SelectionFlag.SingleSelection, ptr);

                        

                        if (certificates != null && certificates.Count > 0)
                            certificate = certificates[0];


                    }
                }
            }
            finally
            {
                store.Close();
            }

            return certificate;

        }
    }
}

the results of this certificate selection is hashed and stored in a dropdownlistbox until it is stored in a sql database.

What I have tried:

I have made various setting changes within the IIS manager but it does not produce the desired result. not sure if there is something I should change within the IIS Manager "Session State" (mode settings or cookie settings) or some other settings. I have looked in the IIS Logs and see aspxautodetectcookiesupport lines but I dont see any "crumbs" that would point to any specific thing I can test.

Of course if I could capture the certificate request that IIS makes when enabling the "require SSL" setting in IIS then I could use that instead of the code above, but not sure how to capture that certificate request.

Posted 16-Feb-22 8:34am

Michaelred54

Updated 17-Feb-22 5:36am

Dave Kreskowiak

v6

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2022-02-17T05:35:00

Your code is running on the server. You are displaying a prompt on the server, where nobody will ever see it, to select a certificate from the server's local certificate store.

It might appear to work when you debug it in IIS Express. But that's only because, in that specific case, the server and client are the same machine.

When you deploy to IIS, in the best case scenario your code will fail with an exception telling you that you cannot display UI from a non-interactive session. In the worst case, the UI will pop up on the server, and your code will hang waiting for an administrator to log in to your server and acknowledge the hundreds of "select a cert" requests you've flooded the system with.

You can configure your site to use client certificate authentication[^]. But you cannot run C# code on the client, and you cannot access the user's certificate store from Javascript.