Certificate authentication with PKI

View inUWPWPFWinUIView on GitHub

Access secured portals using a certificate.

Image of certificate authentication with PKI

Use case

PKI (Public Key Infrastructure) is a certificate authentication method to secure resources without requiring users to remember passwords. Government agencies commonly issue smart cards using PKI to access computer systems.

How to use the sample

NOTE: You must provide your own ArcGIS Portal with PKI authentication configured.

Provide a URL to a PKI-enabled server, then use the certificate selection UI to select an appropriate certificate for that server.

How it works - Windows WPF

  1. Create the X.509 certificate store, referring to the user's certificates.
  2. Open the certificate store in read-only mode.
  3. Find all certificates that are currently valid.
  4. Display the Windows certificate selection UI to choose from the returned certificates.
  5. Create the ArcGIS Runtime credential with the chosen certificate.
  6. Create the Portal, explicitly passing in the credential that was created.

Relevant API

  • CertificateCredential

Additional information

ArcGIS Enterprise requires special configuration to enable support for PKI. See Using Windows Active Directory and PKI to secure access to your portal and Use LDAP and PKI to secure access to your portal in Portal for ArcGIS.

Tags

authentication, certificate, login, passwordless, PKI, smartcard, store, X509

Sample Code

CertificateAuthenticationWithPKI.xamlCertificateAuthenticationWithPKI.xamlCertificateAuthenticationWithPKI.xaml.cs
Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<UserControl
    x:Class="ArcGIS.UWP.Samples.CertificateAuthenticationWithPKI.CertificateAuthenticationWithPKI"
    xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
    xmlns:x509certificates="using:System.Security.Cryptography.X509Certificates">
    <UserControl.Resources>
        <DataTemplate x:DataType="x509certificates:X509Certificate2" x:Key="CertificateTemplate">
            <Grid>
                <Grid.ColumnDefinitions>
                    <ColumnDefinition Width="Auto" />
                    <ColumnDefinition Width="*" />
                </Grid.ColumnDefinitions>
                <Grid.RowDefinitions>
                    <RowDefinition Height="Auto" />
                    <RowDefinition Height="Auto" />
                    <RowDefinition Height="Auto" />
                </Grid.RowDefinitions>
                <TextBlock Text="User:"
                           Grid.Row="0" Grid.Column="0"/>
                <TextBlock Text="Issuer:"
                           Grid.Row="1" Grid.Column="0"/>
                <TextBlock Text="Valid until:"
                           Grid.Row="2" Grid.Column="0"/>
                <TextBlock Text="{Binding Subject}"
                           Grid.Row="0" Grid.Column="1"/>
                <TextBlock Text="{Binding Issuer}"
                           Grid.Row="1" Grid.Column="1"/>
                <TextBlock Text="{Binding NotAfter}"
                           Grid.Row="2" Grid.Column="1"/>
            </Grid>
        </DataTemplate>
    </UserControl.Resources>
    <Grid>
        <Grid HorizontalAlignment="Center" VerticalAlignment="Center">
            <Grid.RowDefinitions>
                <RowDefinition Height="Auto" />
                <RowDefinition Height="Auto" />
                <RowDefinition Height="Auto" />
                <RowDefinition Height="Auto" />
            </Grid.RowDefinitions>
            <Grid.ColumnDefinitions>
                <ColumnDefinition Width="Auto" />
                <ColumnDefinition Width="150" />
            </Grid.ColumnDefinitions>
            <TextBlock Text="Enter the URL to a portal that you have a certificate for:"
                       Grid.Row="0" Grid.Column="0" Grid.ColumnSpan="2"/>
            <TextBox x:Name="PortalUrlTextbox"
                     PlaceholderText="https://portal.yourcompany.com/gis/"
                     Grid.Row="1" Grid.Column="0" Grid.ColumnSpan="2" Margin="0,10" MinWidth="300" />
            <Button Content="Choose a certificate"
                    HorizontalAlignment="Stretch"
                    Grid.Row="2" Grid.Column="0" Grid.ColumnSpan="2"
                    Click="Button_Click" />
            <TextBlock Text="User: "
                       Margin="5"
                       Grid.Row="3" Grid.Column="0"/>
            <TextBlock x:Name="LoggedInUsername"
                       Margin="5"
                       Grid.Row="3" Grid.Column="1"
                       Text="Not logged in" />
        </Grid>
    </Grid>
</UserControl>

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.