How to implement smart card authentication with a .NET Fat client?
Posted
by
John Nevermore
on Programmers
See other posts from Programmers
or by John Nevermore
Published on 2012-02-19T19:03:10Z
Indexed on
2012/03/21
23:39 UTC
Read the original article
Hit count: 274
I know very little about smart card authentication in general so please point out or correct me if anything below doesn't make sense.
Lets say i have:
- A Certificate Authority "X"-s smart card (non-exportable private key)
- Drivers for that smart card written in C
- A smart card reader
- CA-s authentication OCSP web service
- A requirement to implement user authentication in a .NET fat client application via a smart card, that was given out by the CA "X".
I tried searching info on the web but no prevail. What would the steps be ? My first thought was:
Set up a web service, that would allow saving of (for example) scores of a ping pong game for each user. Each time someone tries to submit a score via the client application, he can only do so by inserting the smart card into the reader.
Then the public key is read from the smart card by native c calls through .NET and sent to my custom web service, which in return uses the CA-s authentication OCSP web service to prove the validity of the public key/public certificate (?). If the public key is okay and valid, encrypt a random sequence of bytes with the public key and send it to the client application. If the client application sends back the correctly decrypted random sequence of bytes along with the score of the ping pong game, then the score is saved in the database for the given user.
My question is, is this the correct way to do it ? What else should i know about smart card authentication ?
© Programmers or respective owner