Security Basics mailing list archives
User/certificate mapping under IIS
From: "John Lightfoot" <jlightfoot () gmail com>
Date: Sun, 5 Mar 2006 12:51:14 -0600
Hello, I am trying to figure out how to map client certificates in IIS under Windows Server 2003. Specifically, I'm trying to use client certificates to map to Windows user accounts in IIS, but I don't want to require username and password, too. I'm trying to use one-factor authentication mapped to a Windows account with the one factor being the certificate. Upon presentation of the certificate by the client, I want the IIS session to log-in the user to the mapped user account. I only seem to be able to require both a certificate and username/password, not a certificate only. I'm able to require client certificates and present the proper one to the web site. In the "authentication methods" configuration screen, if I deselect "enable anonymous access" and select "integrated Windows authentication," I can log-in by providing both the certificate and the username/password of the mapped account. If I deselect "integrated Windows authentication," I get an HTTP 401.2 error, "You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept." Is it possible to log-in a user based only on presentation of the certificate? Any help would be greatly appreciated. Thanks. John Lightfoot --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- User/certificate mapping under IIS John Lightfoot (Mar 06)