Javascript 在服务器端使用CAPICOM


我在 .NET 中有一段代码,用于在客户端签名并在服务器端验证签名

我必须把这段代码转换成 ASP Classic

在客户端的.net代码中,我使用javascript与capicom进行签名

我的代码:

<script type="text/javascript">
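// CAPICOM enumeration values used by Authenticate().
// Declared with `var` so they are explicit globals; a bare assignment creates an
// implicit global and throws a ReferenceError under strict mode.
var CAPICOM_CURRENT_USER_STORE = 2;                    // store location: the logged-on user's store
var CAPICOM_STORE_OPEN_READ_ONLY = 0;                  // open mode: read-only, the page never writes to the store
var CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME = 0;  // authenticated attribute: signing time
var CAPICOM_ENCODE_BASE64 = 0;                         // output encoding: Base64 text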
/**
 * Signs the server-issued challenge with a certificate the user picks from the
 * current user's "My" store and places the Base64 signature in the hidden
 * response field for post-back.
 *
 * Returns true when a signature was produced, false when no certificate was
 * selected or any CAPICOM call failed (the error text is shown via alert).
 *
 * Security notes for the server side:
 *  - Sign() is called with detached = true, so the signed message does not carry
 *    the challenge. The server must verify against its own stored copy of the
 *    challenge, never against a value posted back by the browser.
 *  - The signing-time attribute is the server clock at page render time
 *    (DateTime.Now rendered into the page), not the moment the user signs, and
 *    it passes through the client. Do not use it to decide freshness.
 */
function Authenticate() {
    try {
        var challengeField = document.getElementById("<%=hid_Challenge.ClientID %>");
        var responseField = document.getElementById("<%=hid_Response.ClientID %>");

        // Read-only handle on the user's personal certificate store.
        var userStore = new ActiveXObject("CAPICOM.Store");
        userStore.Open(CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY);

        // Let the user choose one of their installed personal certificates.
        var chosen = userStore.Certificates.Select("KeyA3 Sample PKI Authentication", "Please select a certificate to authenticate.");

        // Nothing selected: report failure without signing.
        if (!(chosen.Count > 0)) {
            return false;
        }

        var certSigner = new ActiveXObject("CAPICOM.Signer");
        certSigner.Certificate = chosen.Item(1); // the first entry of the selection is Item(1)

        // Attach the signing time as an authenticated (signed) attribute.
        var signingTime = new ActiveXObject("CAPICOM.Attribute");
        signingTime.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME;
        var renderedAt = new Date('<%=DateTime.Now.ToString("F", new System.Globalization.CultureInfo("en-US")) %>');
        signingTime.Value = renderedAt.getVarDate();
        certSigner.AuthenticatedAttributes.Add(signingTime);

        // Detached signature over the challenge text, Base64-encoded.
        var cms = new ActiveXObject("CAPICOM.SignedData");
        cms.Content = challengeField.value;
        responseField.value = cms.Sign(certSigner, true, CAPICOM_ENCODE_BASE64);

        return true;
    }
    catch (e) {
        // Any CAPICOM failure ends up here and is shown to the user.
        alert(e.description);
        return false;
    }
}
</script>

//一些必要的常数
CAPICOM\u当前用户\u商店=2;
CAPICOM\u STORE\u OPEN\u READ\u ONLY=0;
CAPICOM\u认证\u属性\u签名\u时间=0;
CAPICOM_ENCODE_BASE64=0;
函数身份验证(){
试一试{
var challenge=document.getElementById(“”);
var response=document.getElementById(“”);
//打开windows证书存储
var store=新的ActiveXObject(“CAPICOM.store”);
打开(CAPICOM\u当前用户\u存储,“我的”,CAPICOM\u存储\u打开\u只读);
//显示为此用户安装的个人证书
var certificates=store.certificates.Select(“KeyA3示例PKI身份验证”,“请选择要进行身份验证的证书”);
//如果选择了任何证书,则继续
如果(certificates.Count>0){
var signer=新的ActiveXObject(“CAPICOM.signer”);
签名者。证书=证书。第(1)项;
var timeAttrib=新的ActiveXObject(“CAPICOM.Attribute”);
timeAttrib.Name=CAPICOM\u AUTHENTICATED\u ATTRIBUTE\u SIGNING\u TIME;
var日期=新日期(“”);
timeAttrib.Value=date.getVarDate();
signer.AuthenticatedAttributes.Add(timeAttrib);
var signedData=新的ActiveXObject(“CAPICOM.signedData”);
signedData.Content=challenge.value;
response.value=signedData.Sign(signer,true,CAPICOM\u ENCODE\u BASE64);
返回true;
}
返回false;
}
捕获(e){
警报(如描述);
返回false;
}
}

我检查此代码中的签名数据:

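// Verifies the detached CMS (PKCS#7) signature posted in hid_Response against the
// challenge stored in this user's session, then displays the signer's certificate.
Byte[] signedData;
ContentInfo content;
SignedCms signed;

if (hid_Response.Value == null)
    throw new ArgumentNullException("Response");

// The challenge must come from server-side state only. Fail with a clear error
// when none is pending instead of a NullReferenceException on ToString().
object challenge = Session["Challenge"];
if (challenge == null)
    throw new InvalidOperationException("No challenge is pending for this session.");

// NOTE(review): the challenge should be random, unpredictable and single-use.
// Where it is generated and invalidated is not visible here; confirm that it is
// discarded after one verification attempt so a captured response cannot be replayed.

// UTF-16LE bytes of the challenge, matching Encoding.Unicode here.
// Presumably this mirrors how CAPICOM encodes the Content string on the client; confirm.
signedData = Encoding.Unicode.GetBytes(challenge.ToString());
content = new ContentInfo(signedData);

// detached = true: the message carries only the signature; the content is supplied above.
signed = new SignedCms(content, true);
signed.Decode(Convert.FromBase64String(hid_Response.Value));

// verifySignatureOnly = false: validate the signer's certificates as well as the
// signature. Passing true checks only the signature math, so a signature made with
// any self-issued certificate would be accepted as "authenticated".
signed.CheckSignature(false);

// Do further authentication and user mapping here.
// A valid signature proves possession of a private key, not who the user is:
// map the signer certificate (for example by thumbprint or issuer plus serial number)
// to an account in your database before granting access.
// Here we only show the certificate information. Nothing checked here.
lbl_Message1.Text = "Authenticated successfully.";
lbl_Message1.Visible = true;

// Use the certificate bound to the verified signer. signed.Certificates is simply
// the bag of certificates shipped inside the message, so its first entry is chosen
// by the sender and need not be the signer.
System.Security.Cryptography.X509Certificates.X509Certificate2 signerCert = signed.SignerInfos[0].Certificate;

Dictionary<String, String> certProps = new Dictionary<String, String>();
certProps.Add("Subject", signerCert.Subject);
certProps.Add("Issuer", signerCert.Issuer);
certProps.Add("Valid From", signerCert.NotBefore.ToString());
certProps.Add("Valid To", signerCert.NotAfter.ToString());
certProps.Add("Friendly Name", signerCert.FriendlyName);
certProps.Add("Version", signerCert.Version.ToString());
certProps.Add("Serial Number", signerCert.SerialNumber);
certProps.Add("Thumbprint", signerCert.Thumbprint);
gvCertificate.DataSource = certProps;
gvCertificate.DataBind();
gvCertificate.Visible = true;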
Byte[]签名数据;
内容信息内容;
签名CMS已签名;
if(hid_Response.Value==null)
抛出新的异常(“响应”);
signedData=Encoding.Unicode.GetBytes(会话[“Challenge”].ToString());
内容=新的内容信息(signedData);
signed=新SignedCms(内容,true);
signed.Decode(Convert.FromBase64String(hid_Response.Value));
//如果不希望检查证书,请将参数设置为“true”。
签名。核对签名(正确);
//在此处执行进一步的身份验证和用户映射。
//例如,您可以根据数据库检查一些证书参数。
//这里我们只显示证书信息。这里没有检查。
lbl_Message1.Text=“已成功验证。”;
lbl_Message1.Visible=true;
Dictionary certProps=新字典();
certProps.Add(“主题”,已签名。证书[0]。主题);
certProps.Add(“颁发者”,已签名。证书[0]。颁发者);
certProps.Add(“生效日期”,已签名的.Certificates[0].NotBefore.ToString());
添加(“有效到”,已签名的.Certificates[0].NotAfter.ToString());
certProps.Add(“友好名称”,已签名。证书[0]。FriendlyName);
certProps.Add(“Version”,已签名的.Certificates[0].Version.ToString());
certProps.Add(“序列号”,已签名。证书[0]。序列号);
certProps.Add(“指纹”,已签名。证书[0]。指纹);
gvCertificate.DataSource=certProps;
gvCertificate.DataBind();
gvCertificate.Visible=true;
但我必须在asp classic中运行此代码

我成功地用javascript在客户端对数据进行了签名

我想用VBSCRIPT或JAVASCRIPT验证服务器端的数据

有办法吗

谢谢,我找到了答案

这会有帮助的

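' Verifies a CAPICOM signed message on the server and reports the outcome in `result`.
' `signed_Data` is the Base64 signed message; where it comes from is not shown here.
Dim verification
Set verification = Server.CreateObject("CAPICOM.SignedData")

' NOTE(review): the client script on this page signs detached (Sign(signer, true, ...)).
' For a detached signature, set verification.Content to the challenge held on the server
' and pass True as the second argument. If the message is not detached, the content
' travels inside the message and is chosen by the sender, so compare verification.Content
' with the server-held challenge after Verify succeeds. Confirm which case applies.

' Without On Error Resume Next a failed Verify aborts the script and the Err check
' below is never reached.
On Error Resume Next
Err.Clear

' Third argument 1 = CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE: validate the signer's
' certificate as well. 0 checks the signature only and would accept a signature made
' with any self-issued certificate.
verification.Verify signed_Data, False, 1

' Read certificate data only from a message that passed verification.
If Err.Number = 0 Then
    ' NOTE(review): Certificates holds every certificate carried in the message and
    ' `subject` ends up as the last one; the signer's certificate is presumably
    ' available through verification.Signers. Confirm before using `subject` for identity.
    For Each Certificate In verification.Certificates
        subject = Certificate.SubjectName
    Next
End If

If Err.Number <> 0 Then
    result =  Err.Description &  Hex(Err.Number)
Else
    result = "Signature is OK"
End If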
Dim验证
设置验证=Server.CreateObject(“CAPICOM.SignedData”)
验证。验证签名的\u数据,false,0
用于验证中的每个证书。证书
subject=Certificate.SubjectName
下一个
如果错误号为0,则
结果=错误描述和十六进制(错误编号)
其他的
结果=“签名正常”
如果结束

这使您的上一个问题更有意义,我不确定 dictionary 对象的数据来自何处。new ActiveXObject() 在服务器端的等价物是 Server.CreateObject(),这对 VBScript 和服务器端 JavaScript 都适用。我以前从未使用过 CAPICOM,看起来它可能无法安装在较新版本的 IIS 上,但我建议您用 Google 搜索 "Server.CreateObject("CAPICOM.Store")"。