Professional Microsoft IIS 8 by Benjamin Perkins, Dennis Glendenning, Scott Forsyth, Jeff Cochran, Kenneth Schaefer

Configuring Client Certificate Authentication

Client Certificate authentication works by having a client present a user authentication certificate issued by a trusted root Certificate Authority, which is then mapped to a Windows security principal (user account).

Note
The Client Certificate is presented by the client to the server as part of an SSL or TLS handshake. As such, use of Client Certificates for authentication requires enabling SSL/TLS on a website. For more information on SSL/TLS, see Chapter 15.

IIS 8.0 supports three Client Certificate authentication mechanisms:

  • One-to-One Client Mapping—When this is enabled, each individual trusted user certificate is mapped, one by one, to a Windows user account. Some certificates may be mapped to a shared user account, or each certificate may be mapped to an individual user account. When the certificate is presented to IIS 8.0, it logs on the corresponding user.
  • Many-to-One Client Mapping—When this is enabled, multiple trusted user certificates are mapped to a single Windows user account. This is similar to the One-to-One mapping but doesn't provide the fine-grained options of restricting certain users to certain parts of the website. Instead, all certificates that are trusted will be permitted the same access. This option provides less flexibility but reduces administration.
  • Active Directory Mapping—When enabled, certificates are passed to Active Directory. If the certificate has been explicitly assigned by a domain Administrator ...
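
The first two mechanisms in the list above, shown as an IIS `applicationHost.config` fragment. This is an added example, not taken from the book; the site name, account names, passwords, certificate data and the rule's match value are placeholders constructed for illustration.

```xml
<!-- Added example. EXAMPLE-SITE, the EXAMPLE\... accounts, the passwords,
     the certificate blob and the O= value are placeholders. -->
<location path="EXAMPLE-SITE">
  <system.webServer>
    <security>
      <!-- The client certificate is presented during the SSL/TLS handshake,
           so the site must require SSL/TLS and a client certificate. -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <iisClientCertificateMappingAuthentication enabled="true"
            oneToOneCertificateMappingsEnabled="true"
            manyToOneCertificateMappingsEnabled="true">

          <!-- One-to-One: this exact certificate logs on this account. -->
          <oneToOneMappings>
            <add enabled="true"
                 userName="EXAMPLE\alice"
                 password="PLACEHOLDER-PASSWORD"
                 certificate="PLACEHOLDER-BASE64-CERTIFICATE" />
          </oneToOneMappings>

          <!-- Many-to-One: any trusted certificate whose fields satisfy
               the rules logs on the single shared account. -->
          <manyToOneMappings>
            <add name="PartnerCertificates"
                 description="Constructed sample rule set"
                 enabled="true"
                 permissionMode="Allow"
                 userName="EXAMPLE\partner-shared"
                 password="PLACEHOLDER-PASSWORD">
              <rules>
                <add certificateField="Subject"
                     certificateSubField="O"
                     matchCriterion="Example Partner Ltd"
                     compareCaseSensitive="true" />
              </rules>
            </add>
          </manyToOneMappings>

        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>
```

Because a many-to-one rule matches on certificate fields rather than on one exact certificate, every trusted certificate that satisfies the rule receives the shared account's access.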
