Returns information about the certificate used by the client computer during a Web connection with authentication by certificate.
// Checks whether the certificate is found and valid
IF MustBeAuthenticated = True THEN
IF CertificateClientInfo(certificateClientPresent) = False ...
OR CertificateClientInfo(certificateClientValid) = False THEN
// Error
...
RETURN
END
// Check the rights of the user
...
END
// Displays in an edit control
// the serial number of the client certificate used
EDT_SerialNum = CertificateClientInfo(certificateClientSerialNumber)
// Retrieves the country of the client certificate used
EDT_CertificateClientCountry_Subject = CertificateClientInfo(certificateClientSubject, ...
certificateClientCountry)
Syntax
<Result> = CertificateClientInfo(<Information> [, <Sub-information>])
<Result>: Variant
Requested information.
<Information>: Integer constant
Requested informatioin about the client certificate: | |
certificateClientIssuer | Identification of certificate issuer. You have the ability to extract part of the information by using the <Sub-information> parameter. Example of returned string: CERT_ISSUER=C=FR,S=NA,L=MONTPELLIER, O=PCSOFTQUAL,CN=caqual,E=qual@pcsoft1.fr |
certificateClientSerialNumber | Serial number of certificate (hexadecimal string). Example: "00E48E2E3503C8317A" |
certificateClientSubject | Identification of certificate. You have the ability to extract part of the information by using the <Sub-information> parameter. Example of returned string: CERT_SUBJECT=C=FR,S=NA,L=MONTPELLIER, O=PCSOFTQUAL,CN=twr4m.pcsoft.com,E=qual@pcsoft1.fr |
certificateClientPresent | Indicates whether a certificate was transmitted by the client computer (True) or not (False). |
certificateClientValid | Indicates whether a client certificate is validated by the server (True) or not (False). |
<Sub-information>: Optional Integer constant
Allows you to extract a specific information (used with the certificateClientIssuer and certificateClientSubject constants only). The full information is not always available.
The following constants are accepted: | |
certificateClientDistinguishedName (Default value) | Entire list of certificate characteristics. The returned value is a string whose components are separated by a comma. For example SSL_CLIENT_I_DN=,C=FR,ST=NA,L=MONTPELLIER, O=PCSOFTQUAL,CN=caqual,emailAddress=qual@pcsoft1.fr The following constants are used to retrieve a single information. |
certificateClientEmail | Email address. |
certificateClientState | State where the certificate was created. |
certificateClientUserID | User identifier. |
certificateClientLocality | Locality associated with the certificate. |
certificateClientCommonName | Usual name |
certificateClientOrganizationalUnit | Service name |
certificateClientOrganization | Company. |
Remarks
Authentication mode
Two modes are available to authenticate the clients toward the Web server:
- authentication by the Web server. In most cases, this type of authentication is based on the authentication as domain user or server user.
- authentication by certificate. In this case, the following checks are performed:
- Checking the presence of a certificate.
- Checking the validity of the certificate.
- Checking the authorizations of the user.
Versions 20 and laterPre-launched sessions
If your project uses pre-launched sessions, this function must not be used in the "Initializing" event of the project. This function must be used in the event "Initializing the project after connection to the site".
New in version 20Pre-launched sessions
If your project uses pre-launched sessions, this function must not be used in the "Initializing" event of the project. This function must be used in the event "Initializing the project after connection to the site".
Pre-launched sessions
If your project uses pre-launched sessions, this function must not be used in the "Initializing" event of the project. This function must be used in the event "Initializing the project after connection to the site".
Component : wd260page.dll