Following up my own message here. I can't find a way using ASP.NET
and IIS to prevent IE from caching a client certificate in SSL State
cache for the lifetime of the browser session. There are two options
it seems:
1. Get a user to restart IE (tough to depend on)
2. The IE SSL State cache can be cleared with JavaScript:
<script type="text/javascript">
document.execCommand("ClearAuthenticationCache");
</script>
This works on IE 6 and is IE only I believe.
Cheers,
Simon
On Jan 14, 6:05 pm, Simon Allen <[email protected]> wrote:
> Hi,
>
> I'm having trouble getting an ASP.Net page to reauthorize or re-
> validate a client certificate using IE 6. The client certificate used
> is cached it seems in the SSL state cache on the client user's PC.
>
> Does anyone know of a way to enforce a re-validation from the server
> side? Are there any HTTP headers that I can set to prevent a client
> certificate from being cached or to force IE to abort it's current
> cached SSL state and reauthorize? Are there other techniques to
> reauthorize a user afresh?
>
> I'm enforcing SSL and the use of client certificates in IIS on a
> specific ASPX page.
>
> Thanks for any assistance.
>
> Simon
