>From where were the client certificates obtained? (Internal CA, Verisign, etc.?)
Laura > -----Original Message----- > From: John Lightfoot [mailto:[EMAIL PROTECTED] > Sent: Monday, March 06, 2006 4:16 PM > To: [email protected] > Subject: Re: Certificate authentication under IIS > > Hello, > > I am trying to figure out how to use client certificates to > authenticate in IIS under Windows Server 2003. > > Specifically, I'm trying to use client certificates to map to > Windows user accounts in IIS, but I don't want to require > username and password, too. > I'm trying to use one-factor authentication mapped to a > Windows account with the one factor being the certificate. > Upon presentation of the certificate by the client, I want > the IIS session to log-in the user to the mapped user > account. I only seem to be able to require both a > certificate and username/password, not a certificate only. > > I'm able to require client certificates and present the > proper one to the web site. In the "authentication methods" > configuration screen, if I deselect "enable anonymous access" > and select "integrated Windows authentication," I can log-in > by providing both the certificate and the username/password > of the mapped account. If I deselect "integrated Windows > authentication," I get an HTTP 401.2 error, "You do not have > permission to view this directory or page using the > credentials that you supplied because your Web browser is > sending a WWW-Authenticate header field that the Web server > is not configured to accept." Is it possible to log-in a > user based only on presentation of the certificate? > > Any help would be greatly appreciated. Thanks. > > > > John Lightfoot > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
