  • Re: How to get SChannel (SSPI) context from ISAPI Filter or ISAPI Extension?

    May 30, 2019 12:48 PM | irium

    Hi Able,

    We need to get the "tls-unique" (https://tools.ietf.org/html/rfc5929) value from the SSL connection. It's really accessible via the QueryContextAttributes SSPI function:

    https://docs.microsoft.com/en-us/windows/desktop/api/sspi/nf-sspi-querycontextattributesw

    with the SECPKG_ATTR_UNIQUE_BINDINGS attribute defined in "sspi.h". We proved it by creating a standalone SSL server app.

    The problem is getting the PCtxtHandle (SChannel security context handle) from an ISAPI Filter or Extension. It WAS supported, but at some point IIS stopped providing access to it.

    I don't expect any security concerns, because we are at the server side, the server endpoint of the SSL connection, and it should have access to all needed info, as it does now for certificates, cipher used etc.

    Best regards,

    Roman
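
Added example, not part of the original post: once QueryContextAttributes has returned the SECPKG_ATTR_UNIQUE_BINDINGS data, the tls-unique bytes still have to be located inside the SEC_CHANNEL_BINDINGS buffer, and the offset and length fields should be bounds-checked before use. The code assumes the application data is the ASCII prefix "tls-unique:" followed by the binding value; `bindings_hdr`, `extract_tls_unique` and `demo` are hypothetical names, and the struct is a portable mirror of the sspi.h layout so the parser can be tested off Windows.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Portable mirror of SEC_CHANNEL_BINDINGS (sspi.h): eight 32-bit fields.
   On Windows, use the real type returned in SecPkgContext_Bindings. */
typedef struct {
    uint32_t dwInitiatorAddrType, cbInitiatorLength, dwInitiatorOffset;
    uint32_t dwAcceptorAddrType, cbAcceptorLength, dwAcceptorOffset;
    uint32_t cbApplicationDataLength, dwApplicationDataOffset;
} bindings_hdr;

#define PREFIX "tls-unique:"
#define PREFIX_LEN (sizeof(PREFIX) - 1)

/* Hypothetical helper: find the tls-unique bytes inside a bindings buffer of
   buf_len bytes (BindingsLength). Returns their length, or -1 if malformed. */
int extract_tls_unique(const uint8_t *buf, size_t buf_len, const uint8_t **out)
{
    bindings_hdr h;
    if (!buf || !out || buf_len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);                 /* no unaligned reads */
    /* Offsets count from the start of the structure; reject anything that
       points into the header or past the end of the buffer. */
    if (h.dwApplicationDataOffset < sizeof h ||
        h.dwApplicationDataOffset > buf_len ||
        h.cbApplicationDataLength > buf_len - h.dwApplicationDataOffset)
        return -1;
    if (h.cbApplicationDataLength <= PREFIX_LEN ||
        memcmp(buf + h.dwApplicationDataOffset, PREFIX, PREFIX_LEN) != 0)
        return -1;
    *out = buf + h.dwApplicationDataOffset + PREFIX_LEN;
    return (int)(h.cbApplicationDataLength - PREFIX_LEN);
}

/* Constructed sample: header + "tls-unique:" + 12 placeholder bytes. The
   header claims claimed_len bytes of application data. */
int demo(uint32_t claimed_len)
{
    uint8_t buf[sizeof(bindings_hdr) + PREFIX_LEN + 12];
    const uint8_t *val = NULL;
    bindings_hdr h = {0};
    h.cbApplicationDataLength = claimed_len;
    h.dwApplicationDataOffset = sizeof h;
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, PREFIX, PREFIX_LEN);
    memset(buf + sizeof h + PREFIX_LEN, 0xAB, 12);
    return extract_tls_unique(buf, sizeof buf, &val);
}
```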