资源简介
包括capicom的cab包,dll库和在各种环境下的调用demo。
代码片段和文件信息
//*****************************************************************************
//
// THIS CODE AND INFORMATION IS PROVIDED “AS IS“ WITHOUT WARRANTY OF ANY KIND
// EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
//
// isapiCertPolicy by Jim Harkins
//
// This sample code demonstrates how the Capicom Certificate and Chain objects
// can be used to implement a simple ISAPI filter to enforce additional
// restrictions on Client Certificates used for an SSL session.
//
// When using SSL and Client Certificates IIS supports Certificate Trust
// Lists to limit the Root Certificates used to authenticate Client
// Certificates. In some applications it‘s desirable to have finer grained
// control over which Client Certificates are accepted.
//
// This ISAPI filter uses capicom to simplify the implementation of the
// following additional Client Certificate checks:
//
// A set of required Extended Key Usage OIDs are matched in the
// Client Certificate. In this example we check for “Smart Card
// Logon“ but the same technique can be used to require any
// EKU. Following accepted practice for X.509 certs if no EKUs
// are present the certificate is assumed good for all purposes
// and this check is passed.
//
// Issuing Certificate‘s Thumbprint matches an entry in a short list
// of accepted Thumbprints. This is an effective and recommended
// way to limit accepted Client Certificates to a specific set of
// Intermediate issuing authorities.
//
// If no Client Certificate is available this filter allows the connection.
// A certificate should be available when IIS is configured to Require Client
// Certificates. But even secure sites can allow some public content for
// example a start page containing information and instructions. In this case
// there may be no requirement for Client Certificates or even SLL and it‘s
// appropriate to bypass the additional checks this filter implements.
//
// This structure and capicom make it easy to implement additional checks.
//
// Copyright (C) 2002. Microsoft Corporation. All rights reserved.
//
//*****************************************************************************
// ISAPICERTPOLICY.CPP - Implementation file for your Internet Server
// isapiCertPolicy Filter
#include “stdafx.h“
#include “isapiCertPolicy.h“
#include “ErrorTxt.h“
#define ARRAY_SIZE(a) (sizeof(a)/sizeof(*(a)))
const LPWSTR CAPICOM_SMART_CARD_LOGON_OID_W = L“1.3.6.1.4.1.311.20.2.2“;
const LPWSTR CORP_HIGH_ASSUR_OID_W = L“1.3.6.1.4.1.311.42.2.1“;
const LPWSTR MS_INTRA_L2_USER_1_THUMBPRINT =
L“15B1691A542A99D7BC3724ABA68FBA7C01B2DEE1“;
const LPWSTR MS_INTRA_L2_USER_2_THUMBPRINT =
L“FA744DC332740D6BD34A708453B79026BBD92DC4“;
const LPWSTR MS_INTRA_L2_USER_3_THUMBPRINT =
L“528567A45B2D - 上一篇:植被光学遥感模型与植被结构参数化
- 下一篇:DevExpress16.3全套图标
川公网安备 51152502000135号
评论
共有 条评论