IIS 7 and Above
How to get SChannel (SSPI) context from ISAPI Filter or ISAPI Extensi...
Re: How to get SChannel (SSPI) context from ISAPI Filter or ISAPI Ext...
May 30, 2019 12:48 PM|irium|LINK
We need to get "tls-unique" (https://tools.ietf.org/html/rfc5929) value from SSL connection. It's really accessible via QueryContextAttributes SSPI function:
with SECPKG_ATTR_UNIQUE_BINDINGS attribute defined in "sspi.h". We proved it by creating standalone SSL server app.
The problem is getting PCtxtHandle (SChannel security context handle) from ISAPI Filter of Extension. It WAS supported, but at some time IIS stopped to provide access to it.
I don't expect any security concerns, because we at the server side - server endpoint of SSL connection and it should have access to all needed info. As it is now for certificates, cipher used etc.