Hi there
I have the following request. I have an internet-facing SharePoint web application. Next to the username/password combination, I want the user as well to authenticate with a client certificate. So, I followed this article here in detail: http://www.iis.net/learn/manage/configuring-security/configuring-one-to-one-client-certificate-mappings
No matter what certificate is installed on my local PC, I get anytime access to the website in question. Did anyone have more success? I expect that only in case the user entered the right password olus has the one and only valid certificate installed, he gets access. Currently I can use any certificate.. <:-|
In addition, I need to understand the following: in the parameters for a new entry in the collection editor, I need to enter a user's password?! What is this? Why would I want to enter this? In any enterprise environment, I should not be in possession of any passwords other than mine. What happens if the user changes his password in the AD account? Will the password then changed as well? What is the concept behind?
I have tried as well the configure the clientcertificatemapping using the AD - as well this didn't work out. Has anyone out there a clue or helping hand?
Thank you in advance.
Btw: I am using Windows Server 2012 R2 (IIS 8.5)