Home page logo

basics logo Security Basics mailing list archives

User/certificate mapping under IIS
From: "John Lightfoot" <jlightfoot () gmail com>
Date: Sun, 5 Mar 2006 12:51:14 -0600


I am trying to figure out how to map client certificates in IIS under
Windows Server 2003.

Specifically, I'm trying to use client certificates to map to Windows user
accounts in IIS, but I don't want to require username and password, too.
I'm trying to use one-factor authentication mapped to a Windows account with
the one factor being the certificate.  Upon presentation of the certificate
by the client, I want the IIS session to log-in the user to the mapped user
account.  I only seem to be able to require both a certificate and
username/password, not a certificate only.

I'm able to require client certificates and present the proper one to the
web site.  In the "authentication methods" configuration screen, if I
deselect "enable anonymous access" and select "integrated Windows
authentication," I can log-in by providing both the certificate and the
username/password of the mapped account.  If I deselect "integrated Windows
authentication," I get an HTTP 401.2 error, "You do not have permission to
view this directory or page using the credentials that you supplied because
your Web browser is sending a WWW-Authenticate header field that the Web
server is not configured to accept."  Is it possible to log-in a user based
only on presentation of the certificate?

Any help would be greatly appreciated.  Thanks.

John Lightfoot

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
  • User/certificate mapping under IIS John Lightfoot (Mar 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]