Finding Data in Client Certificates
Can I pass additional user data, such as identity information, in a message secured with a client certificate?
This question looks like an earlier one about Windows credentials but has some subtle differences that make it come out with a different answer. The two key differences are:
- We're talking about securing messages rather than transport connections. Message security headers provide a means of tunneling additional information about the caller.
- We're talking about passing identity information together with a certificate rather than with Windows credentials. Independent of the particular security protocol, the certificate infrastructure is a way to sign and encrypt data streams so that additional client information can be safely included.
With either approach, client information can be included as supporting tokens on the message (typically as either incoming supporting tokens with the message or with the transport token). The supporting tokens sample gives a rundown of supporting tokens for message security.
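As an added illustration (not code from this post or from the supporting tokens sample), the following sketch attaches a username token as a signed and encrypted supporting token to a certificate-secured message and lists the supporting tokens on the service side. The class and method names are hypothetical, and the text encoding and HTTP transport are assumptions chosen only to complete the binding.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;

public static class SupportingTokenExample   // hypothetical helper class
{
    // Binding for both client and service: X.509 certificates secure the
    // message, and a username token travels with it as a supporting token.
    public static Binding CreateBinding()
    {
        SecurityBindingElement security =
            SecurityBindingElement.CreateMutualCertificateBindingElement();

        // SignedEncrypted: the token is covered by the primary (certificate)
        // signature and encrypted, so it cannot be altered or read in transit.
        security.EndpointSupportingTokenParameters.SignedEncrypted.Add(
            new UserNameSecurityTokenParameters());

        return new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(),
            new HttpTransportBindingElement());
    }

    // Call inside a service operation to list what the caller attached.
    public static void DescribeSupportingTokens()
    {
        var tokens = OperationContext.Current.SupportingTokens;
        if (tokens == null)
        {
            Console.WriteLine("No supporting tokens on this message.");
            return;
        }
        foreach (SupportingTokenSpecification spec in tokens)
        {
            var user = spec.SecurityToken as UserNameSecurityToken;
            var cert = spec.SecurityToken as X509SecurityToken;
            string detail = user != null ? "user=" + user.UserName
                          : cert != null ? "cert=" + cert.Certificate.Subject
                          : spec.SecurityToken.GetType().Name;
            Console.WriteLine("{0}: {1}", spec.SecurityTokenAttachmentMode, detail);
        }
    }
}
```

The client supplies its values through `ClientCredentials.ClientCertificate` and `ClientCredentials.UserName`, and the service decides how the username token is validated through `ServiceCredentials.UserNameAuthentication`.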
Next time: Differences in Guid Serialization
Comments
- Anonymous
January 29, 2008
I have a system that sometimes uses a fast local object and sometimes needs to communicate over a network.