I am trying to set up IIS Client Certificate Mapping Authentication and so far I have been unsuccessful.
- I have a valid client authentication certificate
- I disabled all authentication methods in the Authentication feature of IIS for the target website
- Using the configuration editor I set up iisClientCertificateMappingAuthentication as documented in various sources. In this series of screens we map a domain account to a certificate. This is done by exporting the certificate to a text file, removing the first and last line and making sure all is in one line.
The problem is as follows:
When I try browsing to a test page, the browser correctly prompts for selection of a certificate. I select the correct certificate. I then get presented with:
HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.
If I enable Anonymous Authentication then it works, but the user is not the one in the mapping; it is the user running the browser. I know this because the test page contains the following:
    response.write (request.servervariables("LOGON_USER"))
    response.write (request.servervariables("AUTH_USER"))
So the questions are:
- For IIS Client Certificate Mapping Authentication, is this the only authentication feature that needs to be enabled?
- Do we need to use the Authorisation feature to limit the users to the one provided in the mapping?
What I am trying to achieve is that only clients that have the certificate will be able to access the service.
What am I missing?
Cheers
Jose
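
The export-and-flatten step described in the question, as an added example that is not part of the original post: a PowerShell function that strips the first and last marker lines from a Base-64 export, joins the rest into one line, and checks that the result still parses as a certificate before it is pasted into the mapping. The function name `ConvertTo-IisCertificateBlob` and the file path are hypothetical.

```powershell
# Added example (not from the original post). Function name and path are hypothetical.
function ConvertTo-IisCertificateBlob {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # Base-64 encoded X.509 (.cer) export of the client certificate
    )

    # Drop the BEGIN/END marker lines and empty lines, then remove all whitespace
    # so the value is a single line.
    $lines = Get-Content -LiteralPath $Path |
        Where-Object { $_ -and $_ -notmatch '^-----(BEGIN|END) CERTIFICATE-----\s*$' }
    $blob = ($lines -join '') -replace '\s', ''
    if (-not $blob) { throw "No certificate data found in $Path" }

    # Round-trip check: a blob that was truncated or mangled while editing
    # fails here instead of silently never matching in IIS.
    try {
        $bytes = [Convert]::FromBase64String($blob)
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    } catch {
        throw "Content of $Path is not a valid Base-64 certificate: $($_.Exception.Message)"
    }

    # Look for the Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2).
    # A certificate with no EKU extension at all is not restricted by purpose.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $clientAuth = if ($eku) {
        ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.2'
    } else { $true }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        ClientAuthEku = $clientAuth
        Blob          = $blob      # single-line value for the mapping's certificate field
    }
}

# Usage (placeholder path):
#   $m = ConvertTo-IisCertificateBlob -Path 'C:\temp\client.cer'
#   $m | Format-List Subject, Thumbprint, NotAfter, ClientAuthEku
#   $m.Blob
```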