Hello, I am trying to figure out how to use client certificates to authenticate in IIS under Windows Server 2003.
Specifically, I'm trying to use client certificates to map to Windows user accounts in IIS, but I don't want to require username and password, too. I'm trying to use one-factor authentication mapped to a Windows account with the one factor being the certificate. Upon presentation of the certificate by the client, I want the IIS session to log-in the user to the mapped user account. I only seem to be able to require both a certificate and username/password, not a certificate only. I'm able to require client certificates and present the proper one to the web site. In the "authentication methods" configuration screen, if I deselect "enable anonymous access" and select "integrated Windows authentication," I can log-in by providing both the certificate and the username/password of the mapped account. If I deselect "integrated Windows authentication," I get an HTTP 401.2 error, "You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept." Is it possible to log-in a user based only on presentation of the certificate? Any help would be greatly appreciated. Thanks. John Lightfoot --------------------------------------------------------------------------- ---------------------------------------------------------------------------
