I am trying to digitally sign information with a private key. I know how to do this on in a desktop client application with .Net, but am not sure how to do it in ASP.Net. It would be used on an intranet using IE8. If it is done via ASP.Net, I am guessing that the private key is not sent to the server when the user types in their certificate passowrd when going to the site (https, 2-way SSL), but am not sure. If there is no way to access the client private key on the server, then how can I sign something in the browser? Can I use javascript?
Edit: I guess what would be helpful to know first is if this can be done on the server or does it have to be done on the client?
The private key of the client-cert is NOT transmitted to the server.
IF you really want/need to sign something with client-cert THEN you need a client-side component... AFAIK this is not possible with javascript... there are solutions out there using Flash, Silverlight, Java Applets as part of the ASP.NET page for doing what you ask...
Making it possible to do this purely on the server-side is a sure sign for broken security (regarding the client-cert) IMHO.
For Modern browsers not supporting Flash, Silverlight or Java Applets, Browser Extensions may be used to sign from Browser using JavaScript.
Your Question:
Edit: I guess what would be helpful to know first is if this can be done on the server or does it have to be done on the client?
Answer: The full content to be signed viz. PDF, or Data File or XML remains on the server and only hash of the content would be sent to client's browser to be signed using client's Digital Signature and Signed content would be sent back to server.
Please refer to Below SO answers depending on the content you need to sign:
来源:https://stackoverflow.com/questions/9605565/digitally-sign-using-client-certificate-in-asp-net