Client Certificates

You can also use client certificates to authenticate users. A client certificate is a digital ID that is passed from the client machine to the server. This ID is “signed” with a digital signature that is verified by a third-party certification authority (CA). This third party is someone you trust to vet users before issuing a client certificate.

A digital signature is basically a hash of a message (in this case, the certificate) that is encrypted with the sender's private key. IIS can be configured to ignore, accept, or require client certificates. It's important to understand how each setting changes how IIS responds to client certificates:

  • Ignore certificates. IIS doesn't care if a user sends his certificate with a request; ...
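The signature mechanism described above, as an added example that is not from the book: a CA hashes a constructed certificate body and transforms the hash with its private key, and the server recovers the hash with the CA's public key and compares it to a fresh one. The key pair, the certificate fields and the `ca_sign`/`server_verify` helpers are assumptions made for illustration; unpadded RSA is used only to mirror the description, whereas real CAs use padded schemes such as PKCS#1 v1.5 or PSS.

```python
import hashlib

# Constructed CA key pair built from two known Mersenne primes (demo values only).
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the CA


def digest(cert_body: bytes) -> int:
    """SHA-256 of the certificate body, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(cert_body).digest(), "big")


def ca_sign(cert_body: bytes) -> int:
    """CA side: hash the body, then transform the hash with the private key."""
    return pow(digest(cert_body), D, N)


def server_verify(cert_body: bytes, signature: int) -> bool:
    """Server side: recover the hash with the public key, compare to a fresh hash."""
    return pow(signature, E, N) == digest(cert_body)


# Constructed certificate body (not a real X.509 encoding).
CERT_BODY = b"subject=CN=alice;issuer=CN=Example CA;serial=01"
SIGNATURE = ca_sign(CERT_BODY)

# Same signature presented with an altered subject: the hashes no longer match.
ALTERED_BODY = CERT_BODY.replace(b"alice", b"admin")

if __name__ == "__main__":
    print("genuine certificate accepted:", server_verify(CERT_BODY, SIGNATURE))
    print("altered certificate accepted:", server_verify(ALTERED_BODY, SIGNATURE))
```
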
