Net iD Service

parse.aspx

Page updated: 2022-03-31



The result of the code below can be seen live here: Try!


<%@ Page Language="C#" ContentType="text/html" ResponseEncoding="utf-8" %>
<%@ Import Namespace="System.Security.Cryptography.X509Certificates" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System" %>
 
<!DOCTYPE HTML>
 
<script runat="server">
    //protected void Page_Load(object sender, EventArgs e)
    //{ }
 
    void LoadCertInfo()
    {
        string para = "<div style='margin: 10px 0 0 0; font-weight: bold'>{0}</div>";
        string subpara = "<div style='margin-left: 15px; font-size: 90%'>{0}</div>";
 
        if (Page.Request.ClientCertificate.IsPresent)
        {
            Response.Write("<br /><div style='width: 600px; margin: 20px auto'>");
            Response.Write("<h3 style='width: 500px; margin: 20px auto'>Parsing of the certificate used for login with mutual TLS</h3>");
            //Response.Write("<div style='text-align: center;'>");
            Response.Write("<hr />");
            try
            {
                X509Certificate2 x509Cert2 = new X509Certificate2(Page.Request.ClientCertificate.Certificate);
 
                // -----------------------------------------------------------------------------------------------------
 
                Response.Write(string.Format(para, "Issued By:"));
                Response.Write(string.Format(subpara, x509Cert2.Issuer));
 
                // -----------------------------------------------------------------------------------------------------
 
                Response.Write(string.Format(para, "Issued To:"));
                Response.Write(string.Format(subpara, x509Cert2.Subject));
 
                // -----------------------------------------------------------------------------------------------------
 
                #region Subject Alternative Name Section
                X509Extension sanExtension = (X509Extension)x509Cert2.Extensions["Subject Alternative Name"];
                if (sanExtension != null)
                {
                    Response.Write(string.Format(para, "Subject Alternative Name:"));
                    Response.Write(string.Format(subpara, sanExtension.Format(true)));
                }
                else
                {
                    Response.Write(string.Format(para, "No Subject Alternative Name Data"));
                }
                #endregion // Subject Alternative Name Section
 
                // -----------------------------------------------------------------------------------------------------
 
                Response.Write(string.Format(para, "Validity:"));
                Response.Write(string.Format(subpara, "From: " + x509Cert2.GetEffectiveDateString()));
                Response.Write(string.Format(subpara, "To: " + x509Cert2.GetExpirationDateString()));
 
                // -----------------------------------------------------------------------------------------------------
 
                Response.Write(string.Format(para, "SerialNumber:"));
                Response.Write(string.Format(subpara, x509Cert2.SerialNumber));
 
                // -----------------------------------------------------------------------------------------------------
 
                Response.Write(string.Format(para, "Thumbprint:"));
                Response.Write(string.Format(subpara, x509Cert2.Thumbprint));
 
                // -----------------------------------------------------------------------------------------------------
 
                Response.Write(string.Format(para, "Certificate hash algoritm:"));
                Response.Write(string.Format(subpara, x509Cert2.SignatureAlgorithm.Value));
 
                // -----------------------------------------------------------------------------------------------------
 
                #region SKI Section
                X509Extension X509SubjectKeyIdentifierExtension = (X509Extension)x509Cert2.Extensions["Subject Key Identifier"];
                if (X509SubjectKeyIdentifierExtension != null)
                {
                    Response.Write(string.Format(para, "Subject Key Identifier:"));
                    Response.Write(string.Format(subpara, X509SubjectKeyIdentifierExtension.Format(true)));
                }
                else
                {
                    Response.Write(string.Format(para, "No Subject Key Identifier found"));
                }
                #endregion // SKI Section
 
                // -----------------------------------------------------------------------------------------------------
 
                #region Key Usage Section
                X509Extension keyUsageExtension = (X509Extension)x509Cert2.Extensions["Key Usage"];
                if (keyUsageExtension != null)
                {
                    Response.Write(string.Format(para, "Key Usage:"));
                    Response.Write(string.Format(subpara, keyUsageExtension.Format(true)));
                }
                else
                {
                    Response.Write(string.Format(para, "No Key Usage found"));
                }
                #endregion // Key Usage Section
 
                // -----------------------------------------------------------------------------------------------------
 
                #region EKU Section - Retrieve EKU info and write out each OID
                X509EnhancedKeyUsageExtension ekuExtension = (X509EnhancedKeyUsageExtension)x509Cert2.Extensions["Enhanced Key Usage"];
                if (ekuExtension != null)
                {
                    Response.Write(string.Format(para, "Enhanced Key Usage (" + ekuExtension.EnhancedKeyUsages.Count.ToString() + " found)"));
 
                    OidCollection ekuOids = ekuExtension.EnhancedKeyUsages;
                    foreach (Oid ekuOid in ekuOids)
                        Response.Write(string.Format(subpara, ekuOid.FriendlyName + " (OID: " + ekuOid.Value + ")"));
                }
                else
                {
                    Response.Write(string.Format(para, "No EKU Section Data"));
                }
                #endregion // EKU Section
 
                // -----------------------------------------------------------------------------------------------------
 
                #region Certificate Policies Section
                X509Extension policyExtension = (X509Extension)x509Cert2.Extensions["Certificate Policies"];
                if (policyExtension != null)
                {
                    Response.Write(string.Format(para, "Certificate Policies:"));
                    Response.Write(string.Format(subpara, policyExtension.Format(true)));
                }
                else
                {
                    Response.Write(string.Format(para, "No Certificate Policies Data"));
                }
                #endregion //Certificate Policies Section
 
                // -----------------------------------------------------------------------------------------------------
 
                #region AKI Section
                X509Extension X509AuthorityKeyIdentifierExtension = (X509Extension)x509Cert2.Extensions["Authority Key Identifier"];
                if (X509AuthorityKeyIdentifierExtension != null)
                {
                    Response.Write(string.Format(para, "Authority Key Identifier:"));
                    Response.Write(string.Format(subpara, X509AuthorityKeyIdentifierExtension.Format(true)));
                }
                else
                {
                    Response.Write(string.Format(para, "No Authority Key Identifier found"));
                }
                #endregion // AKI Section
 
                // -----------------------------------------------------------------------------------------------------
 
                #region CDP Section
                X509Extension X509CRLDistributionPointsExtension = (X509Extension)x509Cert2.Extensions["CRL Distribution Points"];
                if (X509CRLDistributionPointsExtension != null)
                {
                    Response.Write(string.Format(para, "CRL Distribution Points:"));
                    Response.Write(string.Format(subpara, X509CRLDistributionPointsExtension.Format(true)));
                }
                else
                {
                    Response.Write(string.Format(para, "No CRL Distribution Points found"));
                }
                #endregion // CDP Section
 
                // -----------------------------------------------------------------------------------------------------
 
                #region CDP Section
                X509Extension X509AuthorityInformationAccessExtension = (X509Extension)x509Cert2.Extensions["Authority Information Access"];
                if (X509AuthorityInformationAccessExtension != null)
                {
                    Response.Write(string.Format(para, "Authority Information Access:"));
                    Response.Write(string.Format(subpara, X509AuthorityInformationAccessExtension.Format(true)));
                }
                else
                {
                    Response.Write(string.Format(para, "No Authority Information Access extension found"));
                }
                #endregion // CDP Section
 
                // -----------------------------------------------------------------------------------------------------
 
            }
            catch (Exception ex)
            {
                Response.Write(string.Format(para, "An error occured:"));
                Response.Write(string.Format(subpara, ex.Message));
                Response.Write(string.Format(subpara, ex.StackTrace));
            }
            finally
            {
                Response.Write("</div>");
            }
        }
    }
 
    protected void Page_Load(object sender, EventArgs e)
    {
 
    }
</script>
 
 
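<html>
	<head>
		<title>Port 8080</title>
		<meta charset="utf-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
		<style type="text/css">
			/* Declaration repaired: the original read "text-aligncenter;", which browsers discard as invalid. */
			.auto-style1 {
				text-align: center;
			}
		</style>
	</head>
	<body>
		<%-- LoadCertInfo() writes the certificate summary straight into the response at this point. --%>
		<% LoadCertInfo(); %>
	</body>
</html>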