{"id":693,"date":"2006-10-28T16:31:00","date_gmt":"2006-10-29T01:31:00","guid":{"rendered":"http:\/\/www.cloudidentity.com\/blog\/2006\/10\/28\/generating-a-managed-card-backed-by-a-smartcard\/"},"modified":"2006-10-28T16:31:00","modified_gmt":"2006-10-29T01:31:00","slug":"generating-a-managed-card-backed-by-a-smartcard","status":"publish","type":"post","link":"https:\/\/www.cloudidentity.com\/blog\/2006\/10\/28\/generating-a-managed-card-backed-by-a-smartcard\/","title":{"rendered":"Generating a managed card backed by a smartcard"},"content":{"rendered":"<p><P>I&#8217;ve recently been asked for a CardSpace example which demonstrates the use of a smartcard.<\/P><br \/>\n<P>Well, our usual <A href=\"http:\/\/blogs.msdn.com\/garretts\/\">Garrett<\/A> already made it! His <A href=\"http:\/\/cardspace.netfx3.com\/files\/folders\/samples_rc_1\/entry6082.aspx\">STS sample<\/A> can happily show off smartcard usage, you have just to produce the right kind of managed card.<\/P><br \/>\n<P>As I described <A href=\"http:\/\/blogs.msdn.com\/vbertocci\/archive\/2006\/08\/02\/686790.aspx\">here<\/A>, a managed card associated with a smartcard will contain a reference to the certificate associated with the private key contained in the smartcard itself. How do you put together such a managed card? That&#8217;s very easy: using any of the examples we made available (The <A href=\"http:\/\/blogs.msdn.com\/vbertocci\/archive\/2006\/09\/22\/766889.aspx\">WPF Managed Card Writer Toy<\/A>, the <A href=\"http:\/\/blogs.msdn.com\/vbertocci\/archive\/2006\/08\/22\/713239.aspx\">custom WF activity<\/A>, the <A href=\"http:\/\/cardspace.netfx3.com\/files\/folders\/samples_rc_1\/entry5996.aspx\">command line writer<\/A>&#8230;) you insert in the [Credentials] section, key &#8220;value&#8221; the thumbprint of the certificate (without spaces). 
<\/P><br \/>\n<P>Basically you open the certificates MMC, you locate the certificate (typically under local user\/my, if you already used that smartcard on that computer) and you double click on it: on the Details tab scroll down to the Thumbprint property. It will be of the form &#8220;ab 00 0f &#8230;&#8221;, select it and copy its content in the card editor of choice; get rid of all the inner spaces (&#8220;ab000f&#8230;&#8221;) and paste it in the [Credentials] section, key &#8220;value&#8221; as mentioned above.&nbsp;You may want to add in the &#8220;Hint&#8221; key of the [Credentials] something appropriate, like &#8220;Please&nbsp;insert your smartcard&#8221;.&nbsp;You&#8217;ll have to do something on the STS side for accepting X.509 tokens: it&#8217;s all in the sample, you may simply have to put the right URI in the card generator before issuing the card.&nbsp;Once you have generated the card, install it in the card store.&nbsp; Fire the sample, and choose the newly created card: when you send it or preview it you&#8217;ll be&nbsp;prompted to insert your smartcard with the language you&#8217;ve entered in the Hint key. Insert the smartcard: you&#8217;ll see that whatever UI is entailed by the corresponding CSP, typically a dialog for collecting the PIN, will appear. Do whatever your CSP asks you to do,&nbsp;then CardSpace will show you a progress dialog as the message is secured with the private key in your smartcard and the STS is contacted (note: the&nbsp;cryptographic material&nbsp;DOES NOT travel: <A class=\"\" title=\"WS-Trust\" href=\"http:\/\/channel9.msdn.com\/ShowPost.aspx?PostID=241455\">refer to this for a detailed explanation<\/A>). If the STS is happy with&nbsp;your certificate, you&#8217;re all set: you&#8217;ll get back&nbsp;the token&nbsp;associated with the managed card,&nbsp;and you&#8217;ll be happily able to spend it with the RP who requested it. 
Handy, isn&#8217;t it \ud83d\ude42&nbsp;<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve recently been asked for a CardSpace example which demonstrates the use of a smartcard. Well, our usual Garrett already made it! His STS sample can happily show off smartcard usage, you have just to produce the right kind of managed card. As I described here, a managed card associated with a smartcard&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[61,39,9,86,30,55],"tags":[],"class_list":["post-693","post","type-post","status-publish","format-standard","hentry","category-architecture-ws","category-cardspace","category-identity","category-infocard","category-wcs","category-windows-cardspace"],"_links":{"self":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/comments?post=693"}],"version-history":[{"count":0,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/693\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media?parent=693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/categories?post=69
3"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/tags?post=693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}