Checking if an ASP.NET application is protected with a client certificate

  • Article

Recently I had to write a peice of ASP.NET code that would check if the current IIS application is protected by a client certificate. The reason for this check is to do some conditional logic in the application that would bypass certain custom authentication checks if the applicaiton was protected. I had a hard time finding existing code samples on how to do this in C# so I did some research and came up with this simple method. I've posted it here should someone else find some use for it. The key is the way the AccessSSLFlags property is coded with a series of logical bits:

using System.DirectoryServices;

public static class VirtualDirectory

{

    const int AccessSSLMapCert = 128;

    const string AccessSSLFlags = "AccessSSLFlags";

    const string IISPath = "IIS://LOCALHOST/W3SVC/1/ROOT";

    static public bool RequiresSSLClientCert(string AppName)

    {

        DirectoryEntry vdir = new DirectoryEntry(IISPath + "/" + AppName);

        System.DirectoryServices.PropertyCollection Properties = vdir.Properties;

        int sslflags = 0;

        if (Properties[AccessSSLFlags].Value != null)

        {

            sslflags = (int)Properties[AccessSSLFlags].Value;

            if ((sslflags & AccessSSLMapCert) != 0) return true;

        }

        return false;

    }

}