Overview
Features
Download
Documentation
Community
Add-Ons & Services

Authorization based on client's certificate

Please post support and help requests here.

Authorization based on client's certificate

Postby ddomingos » 11 Jun 2013, 16:24

Is there a way in POCO, to restrict the access based on which CA signed the client's certificate? In other words, I only want to grant access to those users that have certificates signed by the same CA I specified in the server SSL setup. I appreciate any help. Thanks.
ddomingos
 
Posts: 3
Joined: 11 Jun 2013, 16:16

Re: Authorization based on client's certificate

Postby guenter » 12 Jun 2013, 07:43

You can obtain the client's certificate and then use the Poco::Crypto::X509Certificate::issuedBy() method to validate the certificate.
To obtain the certificate in a HTTPRequestHandler:

Code: Select all
SecureStreamSocket socket = static_cast<HTTPServerRequestImpl&>(request).socket();
if (socket.havePeerCertificate())
{
   X509Certificate cert = socket.peerCertificate();
   app.logger().information("Client certificate: " + cert.subjectName());
}
else
{
   app.logger().information("No client certificate available.");
}
guenter
 
Posts: 1107
Joined: 11 Jul 2006, 16:27
Location: Austria

Re: Authorization based on client's certificate

Postby ddomingos » 01 Jul 2013, 19:18

It worked. Thanks a lot!
ddomingos
 
Posts: 3
Joined: 11 Jun 2013, 16:16


Return to Support

Who is online

Users browsing this forum: No registered users and 2 guests

cron